Quote for the day:
"Thinking should become your capital asset, no matter whatever ups and downs you come across in your life." -- Dr. APJ Kalam
Rethinking governance in a decentralized identity world
“Security leaders can take three discrete actions to improve identity and access
management across a complex, distributed environment, starting with low hanging
fruit before maturing the processes,” Karen Walsh, CEO of Allegro Solutions,
told Help Net Security. The first step, Walsh said, is to implement SSO across
all standard accounts. “The same way they limit the attack surface by segmenting
networks, they can use SSO to consolidate identity management.” Next, security
teams should give employees a password manager for both business and personal
use, something many organizations overlook despite the risks. “Compromised and
weak passwords are a primary attack vector, but too many organizations fail to
give their employees a way to improve their password hygiene. Then, they should
allow the password manager plugin on all corporate approved browsers. ...” ...
The third action is often the most technically demanding: linking human user
accounts to machine identities. “They should assign a human user account and
identity to all machine identities, including IoT, RPA, and network devices,”
Walsh explained. “This provides an additional level of insight into and
monitoring over how these typically unmanaged assets behave on networks to
mitigate risks from attackers exploiting vulnerabilities.”A Chief AI Officer Won’t Fix Your AI Problems
Rather than creating an isolated AI leadership role, forward-thinking
companies are integrating AI into existing C-suite domains. In my experience
working with large enterprises, this approach leads to better alignment,
faster adoption, and clearer accountability. CTOs, for example, have long
driven AI adoption by ensuring it supports broader digital transformation
efforts. Companies like Microsoft and Amazon have taken this route by
embedding AI leadership within their technology teams. ... Industries that are
slower to adopt AI often face unique challenges that make implementation more
complex. Many operate with deeply entrenched legacy systems, strict regulatory
requirements, or a more cautious approach to adopting new technologies.
... The push to appoint a Chief AI Officer often reflects deeper
organizational challenges, such as poor cross-functional collaboration, a lack
of clarity in digital transformation strategy, or resistance to change. These
issues aren’t solved by adding another executive to the leadership team. What
is truly needed is a cultural shift—one that promotes AI literacy across the
organization, empowers existing leaders to incorporate AI into their
strategies, and encourages collaboration between technical and business teams
to drive adoption where it matters.Akamai Addresses DNS Security and Compliance Challenges with Industry-First DNS Posture Management
“DNS security often flies under the radar, but it’s vital in keeping
businesses secure and running smoothly,” said Sean Lyons, SVP and General
Manager, Infrastructure Security Solutions & Services, Akamai. “For many
organisations, the challenge isn’t setting up DNS — it’s knowing whether all
their systems are actually properly configured and secured. Those
organisations really need a simple way to see what’s happening across their
DNS environment to take action quickly. That’s the problem we’re solving with
DNS Posture Management. Security practitioners get a clear, unified view that
helps them identify priority issues early, stay compliant, and keep their
networks performing at their best.” Domains often show known high-risk
vulnerabilities or misconfigurations. These weaknesses could impact DNS uptime
and resolution reliability while increasing exposure to serious threats such
as unauthorised SSL/TLS certificate issuance, DNS spoofing, and cache
poisoning. This could embolden threat actors to abuse a company’s DNS to
create fake websites that imitate the organisation’s brand for purposes like
fraud, data theft, and phishing. Other vulnerabilities allow attackers to
bring DNS down entirely, causing network outages for the business and its
customers.Lightspeed: Photonic networking in data centers
Using photonics is seen as a potential way to alleviate this. By transmitting
information using photons, vendors say they can make big efficiency and
performance gains. The use of photonics in data centers is not new - DCD
profiled Google’s Mission Apollo, which saw optical switches introduced to the
search giant’s data centers, in 2023 - but interest in the technology has
ramped up in recent months, with several vendors raising funds to develop
their own particular flavors of photonics. ... Regan, a photonics industry
veteran who was brought on board by the Oriole founders to help bring their
vision to life, believes this radical approach to redesigning data center
networks is required to realize the promise of photonics. “If you want to get
the real benefits, you have to get rid of electronic packet switching
completely,” he argues. “Google introduced its switches in a bunch of its data
centers - they’re very slow but they allow you to reconfigure a network based
on demands, and sits alongside electronic packet switching. ... These
drawbacks include “complexity, cost, and compatibility concerns,” Lewis said,
adding: “With further research and development, there may be possibilities for
photonic components to replace electronics in the future; however, for now,
electric components remain the status quo.” Employees with AI Skills Enjoy Increased Job Security
Frankel said companies that proactively invest in training and reskilling their
teams will certainly fare better than those that lollygag. "If you're working in
IT, I think the key is to focus on diving in and learning how to leverage new
tech to your benefit and tie your efforts to the company's goals," he said.
Kausik Chaudhuri, CIO at Lemongrass, added that many organizations are
partnering with online learning platforms to deliver targeted courses, while
also building internal academies for continuous learning. "Training is tailored
to specific job functions, ensuring IT, analytics, and operations teams can
effectively manage and optimize AI-driven processes," he explained.
Additionally, companies are promoting cross-functional collaboration,
encouraging both technical and non-technical teams to build AI literacy. ... For
soft skills, adaptability, problem-solving, cross-functional communication,
ethical awareness, and change management are essential as AI reshapes business
processes. "This shift is pushing IT professionals to be both technically
proficient and strategically adaptable," Chaudhuri said. Frankel noted that
there's a lot of experimentation going on as organizations grapple with the
potential and pitfalls of AI integration. "While AI will get better, I think a
lot of places are realizing that AI tools alone won't get them where they need
to go," he said.
Lessons learned from the trojanized KeePass incident
All fake KeePass installation packages were signed with a valid digital
signature, so they didn’t trigger any alarming warnings in Windows. The five
newly discovered distributions had certificates issued by four different
software companies. The legitimate KeePass is signed with a different
certificate, but few people bother to check what the Publisher line says in
Windows warnings. ... Distributors of password-stealing malware indiscriminately
target any unsuspecting user. The criminals analyze any passwords, financial
data, or other valuable information they manage to steal, sort it into
categories, and sell whatever is needed to other cybercriminals for their
underground operations. Ransomware operators will buy credentials for corporate
networks, scammers will purchase personal data and bank card numbers, and
spammers will acquire login details for social media or gaming accounts. That’s
why the business model for stealer distributors is to grab anything they can get
their hands on and use all kinds of lures to spread their malware. Trojans can
be hidden inside any type of software — from games and password managers to
specialized applications for accountants or architects.
Do you trust AI? Here’s why half of users don’t
Jason Hardy, CTO at Hitachi Vantara, called the trust gap “The AI Paradox.” As
AI grows more advanced, its reliability can drop. He warned that without quality
training data and strong safeguards, such as protocols for verifying outputs, AI
systems risk producing inaccurate results. “A key part of understanding the
increasing prevalence of AI hallucinations lies in being able to trace the
system’s behavior back to the original training data, making data quality and
context paramount to avoid a ‘hallucination domino’ effect,” Hardy said in an
email reply to Computerworld. AI models often struggle with multi-step,
technical problems, where small errors can snowball into major inaccuracies — a
growing issue in newer systems, according to Hardy. With original training data
running low, models now rely on new, often lower-quality sources. Treating all
data as equally valuable worsens the problem, making it harder to trace and fix
AI hallucinations. As global AI development accelerates, inconsistent data
quality standards pose a major challenge. While some systems prioritize cost,
others recognize that strong quality control is key to reducing errors and
hallucinations long-term, he said.
Curves Ahead: The Promises and Perils of AI in Mobile App Development
AI-based development tools also increase risks stemming from dependency chain opacity in mobile applications. Blind spots in the software supply chain will increase as AI agents and coding assistants are tasked with autonomously selecting and integrating dependencies. Since AI simultaneously pulls code from multiple sources, traditional methods of dependency tracking will prove insufficient. ... The developer trend of intuitive "vibe coding" may take package hallucinations into serious bad trip territory. The term refers to developers using casual AI prompts to generally describe a desired mobile app outcome; the AI tool then generates code to achieve it. Counter to the common wisdom of zero trust, vibe coding tends to lean heavily on trust; developers very often copy and paste code results without any manual review checks. Any hallucinated packages that get carried over can become easy entry points for threat actors. ... While some predict that agentic AI will disrupt the mobile application landscape by ultimately replacing traditional apps, other modes of disruption seem more immediate. For instance, researchers recently discovered an indirect prompt injection flaw in GitLab's built-in AI assistant Duo. This could allow attackers to steal source code or inject untrusted HTML into Duo's responses and direct users to malicious websites.CockroachDB’s distributed vector indexing tackles the looming AI data explosion
The Cockroach Labs engineering team had to solve multiple problems
simultaneously: uniform efficiency at massive scale, self-balancing indexes and
maintaining accuracy while underlying data changes rapidly. Kimball explained
that the C-SPANN algorithm solves this by creating a hierarchy of partitions for
vectors in a very high multi-dimensional space. ... The coming wave of AI-driven
workloads creates what Kimball terms “operational big data”—a fundamentally
different challenge from traditional big data analytics. While conventional big
data focuses on batch processing large datasets for insights, operational big
data demands real-time performance at massive scale for mission-critical
applications. “When you really think about the implications of agentic AI, it’s
just a lot more activity hitting APIs and ultimately causing throughput
requirements for the underlying databases,” Kimball explained. ... Implementing
generic query plans in distributed systems presents unique challenges that
single-node databases don’t face. CockroachDB must ensure that cached plans
remain optimal across geographically distributed nodes with varying latencies.
“In distributed SQL, the generic query plans, they’re kind of a slightly heavier
lift, because now you’re talking about a potentially geo-distributed set of
nodes with different latencies,” Kimball explained.
Burnout: Combatting the growing burden on IT teams
From preventing breaches to troubleshooting system failures, IT teams are the
unsung heroes in many organisations, ensuring business continuity, day and
night. However, the relentless pace of requests and the sprawl of endpoints to
manage, combined with the increasing variety of IT demands, has led to
unprecedented levels of burnout. ... IT professionals, particularly those in
high-alert environments such as network operations centres (NOC) and security
operations centres (SOC), face an almost never-ending deluge of alerts and
notifications. Today, IT workers can only respond to roughly 85% of the tickets
they receive daily, leaving critical alerts at risk of being overlooked. The
pressure to sift through numerous alerts also slows down decision-making
processes, erodes wider-business confidence, and leads to IT teams feeling
helpless and unsupported. This vicious cycle can be incredibly difficult to
break, contributing to high levels of burnout and consequently high employee
turnover rates. ... Navigating Complex Compliance Challenges The regulatory
landscape is evolving rapidly, placing additional pressure on IT teams. Managing
these changes is no easy task, especially as many businesses are riddled with
outdated legacy systems making compliance seem daunting. With new frameworks
such as DORA and NIS2 coming into effect, 80% of CISOs report that compliance
regulations are negatively impacting their mental health.
