Daily Tech Digest - June 04, 2025


Quote for the day:

"Thinking should become your capital asset, no matter whatever ups and downs you come across in your life." -- Dr. APJ Kalam


Rethinking governance in a decentralized identity world

“Security leaders can take three discrete actions to improve identity and access management across a complex, distributed environment, starting with low hanging fruit before maturing the processes,” Karen Walsh, CEO of Allegro Solutions, told Help Net Security. The first step, Walsh said, is to implement SSO across all standard accounts. “The same way they limit the attack surface by segmenting networks, they can use SSO to consolidate identity management.” Next, security teams should give employees a password manager for both business and personal use, something many organizations overlook despite the risks. “Compromised and weak passwords are a primary attack vector, but too many organizations fail to give their employees a way to improve their password hygiene. Then, they should allow the password manager plugin on all corporate approved browsers. ...” ... The third action is often the most technically demanding: linking human user accounts to machine identities. “They should assign a human user account and identity to all machine identities, including IoT, RPA, and network devices,” Walsh explained. “This provides an additional level of insight into and monitoring over how these typically unmanaged assets behave on networks to mitigate risks from attackers exploiting vulnerabilities.”


A Chief AI Officer Won’t Fix Your AI Problems

Rather than creating an isolated AI leadership role, forward-thinking companies are integrating AI into existing C-suite domains. In my experience working with large enterprises, this approach leads to better alignment, faster adoption, and clearer accountability. CTOs, for example, have long driven AI adoption by ensuring it supports broader digital transformation efforts. Companies like Microsoft and Amazon have taken this route by embedding AI leadership within their technology teams. ... Industries that are slower to adopt AI often face unique challenges that make implementation more complex. Many operate with deeply entrenched legacy systems, strict regulatory requirements, or a more cautious approach to adopting new technologies.  ... The push to appoint a Chief AI Officer often reflects deeper organizational challenges, such as poor cross-functional collaboration, a lack of clarity in digital transformation strategy, or resistance to change. These issues aren’t solved by adding another executive to the leadership team. What is truly needed is a cultural shift—one that promotes AI literacy across the organization, empowers existing leaders to incorporate AI into their strategies, and encourages collaboration between technical and business teams to drive adoption where it matters.


Akamai Addresses DNS Security and Compliance Challenges with Industry-First DNS Posture Management

“DNS security often flies under the radar, but it’s vital in keeping businesses secure and running smoothly,” said Sean Lyons, SVP and General Manager, Infrastructure Security Solutions & Services, Akamai. “For many organisations, the challenge isn’t setting up DNS — it’s knowing whether all their systems are actually properly configured and secured. Those organisations really need a simple way to see what’s happening across their DNS environment to take action quickly. That’s the problem we’re solving with DNS Posture Management. Security practitioners get a clear, unified view that helps them identify priority issues early, stay compliant, and keep their networks performing at their best.” Domains often show known high-risk vulnerabilities or misconfigurations. These weaknesses could impact DNS uptime and resolution reliability while increasing exposure to serious threats such as unauthorised SSL/TLS certificate issuance, DNS spoofing, and cache poisoning. This could embolden threat actors to abuse a company’s DNS to create fake websites that imitate the organisation’s brand for purposes like fraud, data theft, and phishing. Other vulnerabilities allow attackers to bring DNS down entirely, causing network outages for the business and its customers.


Lightspeed: Photonic networking in data centers

Using photonics is seen as a potential way to alleviate this. By transmitting information using photons, vendors say they can make big efficiency and performance gains. The use of photonics in data centers is not new - DCD profiled Google’s Mission Apollo, which saw optical switches introduced to the search giant’s data centers, in 2023 - but interest in the technology has ramped up in recent months, with several vendors raising funds to develop their own particular flavors of photonics. ... Regan, a photonics industry veteran who was brought on board by the Oriole founders to help bring their vision to life, believes this radical approach to redesigning data center networks is required to realize the promise of photonics. “If you want to get the real benefits, you have to get rid of electronic packet switching completely,” he argues. “Google introduced its switches in a bunch of its data centers - they’re very slow but they allow you to reconfigure a network based on demands, and sits alongside electronic packet switching. ... These drawbacks include “complexity, cost, and compatibility concerns,” Lewis said, adding: “With further research and development, there may be possibilities for photonic components to replace electronics in the future; however, for now, electric components remain the status quo.” 


Employees with AI Skills Enjoy Increased Job Security

Frankel said companies that proactively invest in training and reskilling their teams will certainly fare better than those that lollygag. "If you're working in IT, I think the key is to focus on diving in and learning how to leverage new tech to your benefit and tie your efforts to the company's goals," he said. Kausik Chaudhuri, CIO at Lemongrass, added that many organizations are partnering with online learning platforms to deliver targeted courses, while also building internal academies for continuous learning. "Training is tailored to specific job functions, ensuring IT, analytics, and operations teams can effectively manage and optimize AI-driven processes," he explained. Additionally, companies are promoting cross-functional collaboration, encouraging both technical and non-technical teams to build AI literacy. ... For soft skills, adaptability, problem-solving, cross-functional communication, ethical awareness, and change management are essential as AI reshapes business processes. "This shift is pushing IT professionals to be both technically proficient and strategically adaptable," Chaudhuri said. Frankel noted that there's a lot of experimentation going on as organizations grapple with the potential and pitfalls of AI integration. "While AI will get better, I think a lot of places are realizing that AI tools alone won't get them where they need to go," he said.


Lessons learned from the trojanized KeePass incident

All fake KeePass installation packages were signed with a valid digital signature, so they didn’t trigger any alarming warnings in Windows. The five newly discovered distributions had certificates issued by four different software companies. The legitimate KeePass is signed with a different certificate, but few people bother to check what the Publisher line says in Windows warnings. ... Distributors of password-stealing malware indiscriminately target any unsuspecting user. The criminals analyze any passwords, financial data, or other valuable information they manage to steal, sort it into categories, and sell whatever is needed to other cybercriminals for their underground operations. Ransomware operators will buy credentials for corporate networks, scammers will purchase personal data and bank card numbers, and spammers will acquire login details for social media or gaming accounts. That’s why the business model for stealer distributors is to grab anything they can get their hands on and use all kinds of lures to spread their malware. Trojans can be hidden inside any type of software — from games and password managers to specialized applications for accountants or architects.


Do you trust AI? Here’s why half of users don’t

Jason Hardy, CTO at Hitachi Vantara, called the trust gap “The AI Paradox.” As AI grows more advanced, its reliability can drop. He warned that without quality training data and strong safeguards, such as protocols for verifying outputs, AI systems risk producing inaccurate results. “A key part of understanding the increasing prevalence of AI hallucinations lies in being able to trace the system’s behavior back to the original training data, making data quality and context paramount to avoid a ‘hallucination domino’ effect,” Hardy said in an email reply to Computerworld. AI models often struggle with multi-step, technical problems, where small errors can snowball into major inaccuracies — a growing issue in newer systems, according to Hardy. With original training data running low, models now rely on new, often lower-quality sources. Treating all data as equally valuable worsens the problem, making it harder to trace and fix AI hallucinations. As global AI development accelerates, inconsistent data quality standards pose a major challenge. While some systems prioritize cost, others recognize that strong quality control is key to reducing errors and hallucinations long-term, he said. 


Curves Ahead: The Promises and Perils of AI in Mobile App Development

AI-based development tools also increase risks stemming from dependency chain opacity in mobile applications. Blind spots in the software supply chain will increase as AI agents and coding assistants are tasked with autonomously selecting and integrating dependencies. Since AI simultaneously pulls code from multiple sources, traditional methods of dependency tracking will prove insufficient. ... The developer trend of intuitive "vibe coding" may take package hallucinations into serious bad trip territory. The term refers to developers using casual AI prompts to generally describe a desired mobile app outcome; the AI tool then generates code to achieve it. Counter to the common wisdom of zero trust, vibe coding tends to lean heavily on trust; developers very often copy and paste code results without any manual review checks. Any hallucinated packages that get carried over can become easy entry points for threat actors. ... While some predict that agentic AI will disrupt the mobile application landscape by ultimately replacing traditional apps, other modes of disruption seem more immediate. For instance, researchers recently discovered an indirect prompt injection flaw in GitLab's built-in AI assistant Duo. This could allow attackers to steal source code or inject untrusted HTML into Duo's responses and direct users to malicious websites.


CockroachDB’s distributed vector indexing tackles the looming AI data explosion

The Cockroach Labs engineering team had to solve multiple problems simultaneously: uniform efficiency at massive scale, self-balancing indexes and maintaining accuracy while underlying data changes rapidly. Kimball explained that the C-SPANN algorithm solves this by creating a hierarchy of partitions for vectors in a very high multi-dimensional space. ... The coming wave of AI-driven workloads creates what Kimball terms “operational big data”—a fundamentally different challenge from traditional big data analytics. While conventional big data focuses on batch processing large datasets for insights, operational big data demands real-time performance at massive scale for mission-critical applications. “When you really think about the implications of agentic AI, it’s just a lot more activity hitting APIs and ultimately causing throughput requirements for the underlying databases,” Kimball explained. ... Implementing generic query plans in distributed systems presents unique challenges that single-node databases don’t face. CockroachDB must ensure that cached plans remain optimal across geographically distributed nodes with varying latencies. “In distributed SQL, the generic query plans, they’re kind of a slightly heavier lift, because now you’re talking about a potentially geo-distributed set of nodes with different latencies,” Kimball explained.


Burnout: Combatting the growing burden on IT teams

From preventing breaches to troubleshooting system failures, IT teams are the unsung heroes in many organisations, ensuring business continuity, day and night. However, the relentless pace of requests and the sprawl of endpoints to manage, combined with the increasing variety of IT demands, has led to unprecedented levels of burnout. ... IT professionals, particularly those in high-alert environments such as network operations centres (NOC) and security operations centres (SOC), face an almost never-ending deluge of alerts and notifications. Today, IT workers can only respond to roughly 85% of the tickets they receive daily, leaving critical alerts at risk of being overlooked. The pressure to sift through numerous alerts also slows down decision-making processes, erodes wider-business confidence, and leads to IT teams feeling helpless and unsupported. This vicious cycle can be incredibly difficult to break, contributing to high levels of burnout and consequently high employee turnover rates. ... Navigating Complex Compliance Challenges The regulatory landscape is evolving rapidly, placing additional pressure on IT teams. Managing these changes is no easy task, especially as many businesses are riddled with outdated legacy systems making compliance seem daunting. With new frameworks such as DORA and NIS2 coming into effect, 80% of CISOs report that compliance regulations are negatively impacting their mental health.

No comments:

Post a Comment