TELUS announces #StandWithOwners 2025 winners

Posted in Commentary with tags on October 23, 2025 by itnerd

TELUS has announced the winners of its sixth #StandWithOwners – Canada’s largest small business contest – celebrating the owners who have made it in Canada. From the thousands of applications received, 20 outstanding Canadian businesses representing a broad selection of industries have been recognized for demonstrating how they leverage technology to drive innovation and stand out, while creating meaningful change in their local economy and community.

Their recognition is part of TELUS’ ongoing dedication to supporting Canadian businesses. Since 2020, TELUS has invested over $6 million through the #StandWithOwners program, providing essential funding, technology and exposure to help businesses thrive in a digital world.

This year’s five grand prize winners are:

  • Ashored Innovations: Led by owner Aaron Stevenson, Ashored Innovations addresses a critical environmental issue by tackling marine life entanglement in fishing gear through innovative “rope-on-demand” technology. Inspired by a 2017 North Atlantic right whale unusual mortality event, Ashored retrofits existing lobster and crab traps with underwater buoys that use acoustic release technology to surface only when remotely activated by fishermen. This system stows the rope in a cage connected to the traps, preventing both gear loss and marine entanglements. The technology is now used across three continents for commercial fishing and scientific monitoring of subsea noise pollution and climate-related environmental variables.
  • mddl: Owners Darlene Jehn and Alkharim Devani recognized the critical need for accessible housing options, creating mddl, a real estate company dedicated to empowering communities to build diverse, sustainable “missing middle” housing through education, technology, and policy advocacy by fostering a more equitable approach to development. Their training programs support small-scale developers while partnering with cities to modernize zoning and unlock public land, creating more accessible and equitable housing solutions. 
  • Sepura Home Ltd.: Revolutionizing kitchen waste management with its innovative IoT-enabled composting garbage disposal system, owner Victor Nicolov developed a clean, compact, and hands-free solution that seamlessly integrates into modern kitchens. The system addresses the growing burden traditional garbage disposals place on wastewater infrastructure while eliminating the inconvenience of existing composting methods. Through an integrated mobile app, Sepura Home Ltd. provides users with system control, environmental impact insights, and over-the-air software updates, currently making it the only food waste system that continuously improves over time.
  • UKKÖ Robotics: Owners Daniel Badiou and Katrina Jean-Laflamme created UKKÖ Robotics, addressing the need for efficient solutions to automate livestock pasture management, providing unique, solar-powered, autonomous barns for livestock, promoting regenerative agriculture and supporting small farmers. Their flagship product, the ROVA Barn, features a floorless design and autonomously moves small livestock to fresh pasture areas multiple times daily. This innovative approach reduces the environmental impact of livestock farming while significantly decreasing the labour required for pasture management. 
  • Vets Around the Corner: Not just a veterinary clinic, owners Dr. Devon Barnes, Dr. Lindsay Patterson, James Clague, and William Woodstock created Vets Around the Corner, a community-driven animal hospital that launched the Community Veterinarian Program, a mobile, not-for-profit initiative eliminating barriers to veterinary care for marginalized, low-income, and underserved populations. By retrofitting a decommissioned ambulance into a mobile veterinary exam room, they are bringing wellness exams, medical treatments, and health education directly to retirement residences, shelters, community centers, and First Nations communities.

The five grand prize winners each receive a $200,000 prize package, including $75,000 in direct funding, $80,000 in advertising and business exposure, $35,000 in TELUS and Samsung technology, and $10,000 in TELUS Health wellbeing support. An additional 15 winners each receive $20,000 in funding and technology. 

To learn more about all 20 of our inspiring winners visit telus.com/winners

Leave a comment »

1 in 3 Canadian organizations hit by Ransomware, but only 25% fully recover

Posted in Commentary with tags , on October 23, 2025 by itnerd

 OpenText today released the findings of its fourth annual Global Ransomware Survey. The survey of almost 1,800 security practitioners and business leaders highlighted a rising tension between confidence and risk: confidence in ransomware readiness is rising yet concern over AI-driven attacks and third-party vulnerabilities are growing just as fast.

Organizations believe they’re ready to bounce back from ransomware — but AI is rapidly changing the threat landscape. New attack methods, weak governance, and supply chain vulnerabilities are exposing critical gaps between preparation and performance, creating a higher-stakes environment for defenders and leaders alike. This is especially true for SMBs that have fewer formal AI policies. 

Key survey findings include:

False Sense of Confidence Grows, as AI Raises the Stakes
Organizations feel more prepared than ever to recover from ransomware attacks, but AI introduces a growing layer of complexity that’s causing unease. While internal GenAI use is rising, so are external AI-powered threats. Organizations are navigating a high-stake balancing act to enable innovation while managing risk.

  • Ninety-four percent of Canadian respondents are confident in their ability to recover from a ransomware attack, but only 25% of those attacked fully recovered their data.
  • Eighty-two percent allow employees to use GenAI tools, yet less than half (40%) have a formal AI use policy fully implemented.
  • Thirty-nine percent report increased phishing or ransomware due to AI; 30% have seen deepfake-style impersonation attempts.
  • Top AI-related concerns among Canadian respondents include data leakage (30%), AI-enabled attacks (25%), and deepfakes (14%).

Unmanaged Supply Chain Pathways Create Hidden Risks
While much of the ransomware conversation centers on AI, supply chain and third-party risks remain a quiet but dangerous threat. Attacks are both more frequent and distributed, often entering through vendors, partners, or unmanaged digital pathways.

  • One in three Canadian companies (31%) experienced a ransomware attack in the past year; nearly half of those (48%) were hit more than once.
  • Thirty-two percent of Canadian victims paid a ransom; 21% paid $250K or more.
  • Only 25% of those hit fully recovered their data; 3% recovered nothing.
  • Eleven percent experienced ransomware attacks originating from a software vendor.
  • Over two-thirds (67%) of Canadian organizations now assess software supplier cybersecurity; 75% have patch management in place.

Sophistication of Ransomware Attacks Raises Awareness
The rise of AI and the spread of ransomware across critical business systems have pushed cybersecurity into the spotlight. What was once seen as an IT issue is now recognized as a core strategic concern for boards and executive teams.

  • Sixty percent of Canadian respondents say their executive team sees ransomware as a top three business risk.
  • Nearly half (48%) have been asked by customers or partners about ransomware readiness in the past year.
  • 2026 investment priorities include network protection (54%), cloud security (53%), and backup technologies (48%).
  • A majority (64%) conduct regular security awareness training; 11% offer none.

For additional findings from the OpenText Cybersecurity 2025 Global Ransomware survey, view the infographic.

Protecting against ransomware now depends not just on internal defenses, but also on how effectively organizations, partners, and technology providers work together to close security gaps before they’re exploited. To learn more about their enterprise solutions, explore OpenText Cybersecurity Cloud. To learn more about their offerings for SMBs, click here.

Survey Methodology

In September 2025, OpenText Cybersecurity surveyed 1,773 C-level executives, security professionals, and security and technical directors from SMBs and enterprises in the United States, Canada, the United Kingdom, Australia, France, and Germany. Respondents represented multiple industries, including technology, financial services, retail, manufacturing, healthcare, education, and more.

Leave a comment »

New Research Reveals Coordinated Campaign Targeting Perplexity Comet Users Across Various Attack Vectors

Posted in Commentary with tags on October 23, 2025 by itnerd

Today, BforeAI released the company’s research of an investigation into fraudulent and malicious activities targeting users seeking to download Perplexity’s Comet AI browser.

The analysis reveals a coordinated campaign of domain squatting, fraudulent mobile applications, and deceptive advertising designed to capitalize on the legitimate Comet browser’s popularity.

The research dives reveals:

  • Suspicious domains investigated with varying threat levels
  • Critical-level mobile app threats identified on Google Play Store
  • Domains registered in 2025 following Comet’s launch timeline
  • Multiple attack vectors including fake downloads, malvertising, and brand impersonation observed on search engines.

You can find the research here: https://bfore.ai/report/malicious-activity-surrounding-perplexity-comet-browser-launch-threat-research/

Leave a comment »

Consumers Expose Passwords in Password Manager/VPN Exchanges New Study Shows

Posted in Commentary with tags on October 23, 2025 by itnerd

Researchers with Ontario Tech University, PureSquare, and CQR Cybersecurity have published a new study warning that consumers and businesses that use separate VPNs and password managers are susceptible to concurrent multi-vector attacks that put their data at risk.

The use of disparate password managers and VPNs from different vendors (security tool fragmentation) creates a previously unknown security gap. Threat actors exploit this gap and consumer ‘alert fatigue’ to steal credentials.

The measured cost of security tools fragmentation:

  • 44% of users receive overlapping alerts.
  • 38% receiving overlapping alerts say they ignore them.
  • 29–34% of people leave tools disabled or miss paid features entirely.
  • Redundant subscriptions account for 24% of annual security tool costs.
  • The high cost of tool fragmentation and alert chaos: $400 million is lost every year to multi-surface attacks (see below).
  • Personal pre-breach costs to consumers: duplicative “chaos tax” expenditures can cost more than $850 per consumer, per year.
  • The average person now manages 3.4 security apps, spends up to 27 hours a year maintaining them, and wastes between $574 and $850 annually on redundant subscriptions and unmanaged risks.

Ironically, this results in people spend hundreds of dollars and dozens of hours every year managing overlapping, non-integrated security tools, but are actually spending more and working harder to be less secure.

The “alert fatigue” blind spot that stems from notification flood cycles became especially visible during the 2025 Google breach affecting 2.5 billion Gmail accounts. The breach drove individuals to flood forums and search engines with urgent “what to do” queries while scrambling across multiple apps.

One App, Complete Protection

Leading from this research, PureVPN has unified VPN, Password Manager, Dark Web Monitoring, Tracker & Ad Blocker, and Data Removal into a single unified platform. Instead of multiple apps competing for the consumer’s attention, users receive one alert stream, one workflow, and one place to act.

Notifications are consolidated and prioritized to reduce false alarms, while the new bottom navigation keeps breach-response tools easily accessible under stress.

You can read the study here.

Leave a comment »

Pave Bank raises $39 million to scale world’s first programmable bank built for digital assets and AI era 

Posted in Commentary with tags on October 23, 2025 by itnerd

The future of finance is shifting on-chain. As that shift accelerates, the world’s financial system is being rebuilt around tokenisation, the programmability of money and assets, along with a focus on regulation, risk and compliance. Pave Bank, a fully licensed commercial bank built for this new financial architecture, today announced it has raised over $39 million in funding led by Accel, with participation from Tether Investments, Quona Capital, Wintermute, Helios Digital Ventures, Financial Technology Partners, Yolo Investments, Kazea Fund, and GC&H Investments. The round brings the company’s total funding to more than $44 million and positions Pave Bank to expand its regulatory footprint, accelerate product development, continue to build institutional grade infrastructure and scale its client coverage across global markets.

Pave Bank was founded on two core ideas: that the future of money is programmable, and that businesses need a regulated, bank-grade counterparty capable of operating seamlessly across both traditional and digital asset rails. Today, the company offers a single platform that unifies commercial banking services – deposit accounts, broad payment coverage, deep FX liquidity, payment card issuance and corporate treasury management – with institutional-grade digital asset management, an instant settlement network and an OTC trading desk. Instead of managing multiple providers for fiat banking, custody, and liquidity, clients can operate across both systems under one regulatory framework, one compliance standard, and one interface.

Businesses using Pave Bank can manage both fiat and digital assets in real time, automate treasury operations, and reduce reliance on intermediaries. An exchange or market maker can manage both digital assets, fiat and fixed income treasury products in one place, and at the same time, deal with their counterparties using the Pave Network – enhancing operational liquidity and mitigating operational risk. Corporates exploring using stablecoins in their operations can unify digital assets and fiat corporate treasuries with regulatory clarity and in a secure manner – improving speed, control, and cost efficiency. 

Since launching, Pave Bank has focused on building a sustainable, technology-driven operating model rather than chasing top-line growth. The company achieved profitability in seven of its first nine months of operation – a rare milestone for a newly licensed bank – by leveraging automation and AI across software engineering, compliance, operations, and treasury functions. With a team of just over fifty people, the bank expects to continue to scale intelligently while maintaining profitability along with a core focus on risk and compliance. 

The financing reflects growing institutional demand for a new kind of financial institution – one that can manage regulated digital assets, from stablecoins to bitcoin, alongside everything that is expected from a commercial bank, provide instant settlement and programmable flows, and have prudential oversight. Pave Bank has been building within regulatory frameworks for digital assets from day one, and as these regulations mature and harmonize, Pave Bank is working directly with regulators to ensure compliance and interoperability across jurisdictions.

Looking ahead, Pave Bank plans to expand its licensing coverage, deepen its programmable treasury and institutional financial products, and integrate with major financial and digital asset ecosystems. The long-term vision is to become the trusted corporate and institutional global financial institution -the place where the traditional and digital economies finally operate as one.

Leave a comment »

Apache Syncope Allows Malicious Admins to Inject Groovy Code 

Posted in Commentary with tags on October 23, 2025 by itnerd

A researcher has uncovered an RCE vulnerability in open-source identity management system Apache Syncope through its Groovy scripting feature. On versions prior to 3.0.14 and 4.0.2, an administrator can upload Groovy code that executes with the privileges of the running Syncope Core process, enabling remote code execution (RCE).

You can find more details here:

 https://gist.github.com/N3mes1s/213e20931ea2d27af5c47e90dedbe05f

Henrique Teixeira, SVP of Strategy, Saviynt, commented:

“First, credit to the researcher and Apache for identifying and resolving this issue. CVEs like this matter. If exploited, attackers could execute code, exfiltrate secrets, or pivot across environments. But we also need to look at the threat model: exploitation requires administrative access to the tenant or domain. And if someone already has admin rights in an identity system, it’s effectively game over. That person can create or remove users, escalate privileges, and move laterally across systems.

This highlights why identity controls are so critical. Organizations should upgrade to the patched Syncope versions, avoid Groovy in favor of Java implementations, and enforce least privilege and strong authentication. Log everything, continuously audit admin activity, and prioritize identity hygiene by removing unused permissions and applying just-in-time privilege access. The bigger picture is that while patching vulnerabilities is essential, most breaches still start with exposed or misused identities. Securing them must remain the first line of defense.”

This was fixed pretty quickly. But next time, because there is always a next time, the world may not be so lucky. Thus having a layered defensive structure that includes the suggestions that Mr. Teixeira made above is the best advice that organizations could receive.

Leave a comment »

Qilin Ransomware: Now the most prolific gang of the last few years says Comparitech

Posted in Commentary with tags on October 23, 2025 by itnerd

Comparitech researchers has published a research study diving into this very ransomware gang.

Key findings for Qilin in 2025 include:

  • 701 victims (118 of these attacks have been confirmed)
  • 45 attacks on healthcare providers (14 confirmed)
  • 40 attacks on government entities (22 confirmed)
  • 26 attacks on the education sector (7 confirmed)
  • 590 attacks on businesses (75 confirmed):
    • 143 on manufacturers (11 confirmed)
    • 108 on service-based businesses (9 confirmed)
    • 69 on finance companies (27 confirmed)
    • 50 on retailers (2 confirmed)
    • 34 on construction companies (2 confirmed)
  • 788,377 records breached in the confirmed attacks
  • 116 TB of data stolen across all attacks (47 TB in confirmed attacks)
  • The US accounts for the most attacks (375), followed by France (41), Canada (39), South Korea (33), and Spain (26)

You can read more here: https://www.comparitech.com/news/qilin-ransomware-stats-on-attacks-ransoms-data-breaches/

Leave a comment »

SOCRadar Serves Up The Top 10 AI Deepfake Detection Tools to Combat Digital Deception in 2025 

Posted in Commentary with tags on October 22, 2025 by itnerd

Deepfake technology is increasingly being used in sophisticated fraud schemes, making it harder for individuals and businesses to distinguish real from fake. Scammers have used AI-generated voices to impersonate executives, leading to financial losses, while cybercriminals exploit deepfakes for identity theft and phishing attacks. Manipulated videos and AI-generated speeches can also be used to spread false information, particularly during elections or political events. With social media accelerating the spread of digital content, ensuring that news organizations and platforms can verify the authenticity of videos and images is more important than ever.

Businesses that rely on voice authentication and digital verification must now implement detection tools to protect sensitive data and prevent fraud. In industries such as banking, law enforcement, and cybersecurity, deepfake detection is crucial for preventing unauthorized access and maintaining secure authentication systems.

As a result, many organizations now use AI-powered tools to analyze biometric data, verify identities, and detect synthetic media before it can cause harm. As deepfake technology advances, having reliable detection solutions will be essential for maintaining trust and security in an increasingly AI-driven world.

Researchers at threat intelligence cybersecurity company SOCRadar have published a list of Top 10 AI Deepfake Detection Tools to Combat Digital Deception in 2025. This is worth your time to read.

Leave a comment »

FlightHub Creates New Commercial Using AI Powered Video Enhancements

Posted in Commentary with tags on October 22, 2025 by itnerd

FlightHub produced a new commercial highlighting their mobile app, but instead of relying on traditional visual effects, the team turned to AI-powered video enhancement to elevate the visuals in a faster, smarter, and more cost-efficient way. 

Some key highlights include: 

  • Six times lower production cost: By using AI to enhance visual elements instead of traditional VFX, FlightHub achieved the same high-quality result at a fraction of the typical cost. 
  • Cinematic quality, simplified process: The AI workflow enabled realistic motion and environmental effects, all while maintaining the creative integrity of live-action footage. 
  • Faster creative turnaround: AI tools made it possible to preview, iterate, and refine visuals in real time, reducing bottlenecks between creative and post-production teams. 
  • Human + AI collaboration: The project showcased how AI can support (not replace) creative professionals, blending human vision with machine precision to achieve a seamless final product. 
  • Proof of innovation: This campaign reinforces FlightHub’s commitment to experimenting with emerging technologies that enhance creativity, efficiency, and storytelling in travel marketing. 
  • Sustainability benefit: A lighter production footprint (fewer reshoots, less rendering time, and optimized resources) contributed to a more sustainable creative process. 

You can see the commercial here:

Leave a comment »

Sharepoint ToolShell attacks targeted organizations across four continents

Posted in Commentary with tags on October 22, 2025 by itnerd

Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations.

The same threat actors also compromised two government departments in the same African country during the same time period. Zingdoor, which was deployed on the networks of all three organizations, has in the past been associated with the Chinese group Glowworm (aka Earth Estries, FamousSparrow). 

Commenting on this is Roger Grimes, CISO Advisor at KnowBe4: 

“I think this is yet another great example of why default auto-patching should be required in every software program and device with firmware. That’s because every patch for every announced vulnerability will not be applied 100% by everyone. In fact, it’s very common for 10% – 25% of related instances to remain unpatched for months — and even years — after a patch is released. There are always people who don’t apply critical patches for some reason or another. But if auto-patching were the default, more instances would get patched in a timely manner.”

I wasn’t a believer in patching as soon as patches come out. But I have changed my mind on that front and I patch everything ASAP to stop a threat actor from making my life miserable. Perhaps you should consider doing the same thing as clearly this is a today problem.

Leave a comment »

« Older Entries
Newer Entries »