KnowBe4, the HRM+ provider, has announced the winners of its 2025 Partner Programme Awards from Europe, the Middle East and Africa (EMEA) during their KB4-CON EMEA event.

The annual awards programme recognises KnowBe4 partners demonstrating sales excellence, marketing innovation, thought leadership and top performance in key growth areas. The awards ceremony closed the first day of the cybersecurity conference that focused on training humans and agents.

“These award-winning partners represent the kind of strategic investment and commitment we value most – they have not only embraced our platform innovations but have become true advocates for human and agent risk management,” said Kirsten Esposito, VP global channel partners & programmes at KnowBe4. “When partners are this dedicated to helping organisations protect their most vulnerable attack surface, we remain committed to accelerating their growth. We look forward to continued joint success in 2026 and beyond.”

The winners of the KnowBe4 2025 Partner Programme Awards from EMEA are:

EMEA Partner of the Year: SVA System Vertrieb Alexander GmbH

Awards the partner who has demonstrated overall excellence in human risk management, joint go-to-market strategy, sales growth and marketing innovation.

EMEA Marketing Innovator of the Year: neam IT-Services GmbH

Awards the partner who has executed creative and successful marketing campaigns and gone above and beyond to promote our joint value.

EMEA Product Champion of the Year: Softcat PLC

Awards the partner who has championed selling the full product suite to help their customers build an adaptive human layer of defence.

Partners to Watch

●      blu Systems GmbH, Europe

●      Bytes Software Services Ltd, United Kingdom & Ireland

●      Integrity360 South Africa, Middle East & Africa

Awards the partners regionally who have shown tremendous growth and potential for future advancement in our partner programmes.

For more information on KnowBe4’s partner programmes, visit https://www.knowbe4.com/partners/partner-programs.

The post KnowBe4 Honours 2025 EMEA Partner Programme Award Winners appeared first on IT Security Guru.

With Cyber Security Awareness Month firmly underway, the National Cyber Resilience Centre Group (NCRCG) has proudly welcomed CyberSmart on board as a National Ambassador.

Funded and supported by the Home Office, policing and Ambassador business partners, NCRCG is bringing together all those who have a vital responsibility for combating cybercrime to help strengthen the cyber defences of small and medium-sized enterprises (SMEs). The organisation forms part of the Cyber Resilience Centre (CRC) network alongside nine, regional and police-led Centres, which engage directly with the SMEs in their localities.

A leading cybersecurity specialist, CyberSmart is perfectly placed to join the ranks of NCRCG’s National Ambassador Programme. With over 1,000 Managed Service Providers (MSPs) and over 6,000 SME customers in the UK, it is primed to act as an enabler to this crucial sector within the digital economy.

In partnering with NCRCG, CyberSmart will empower MSPs and SMEs around cyber resilience and signpost the support offered by the CRC network and the national technical authority, NCSC.

SMEs are the backbone of the UK economy, making up around half of the turnover in the UK private sector. As a result, SMEs must be made aware of the need to protect themselves and the steps they can take, as well as the value of cybersecurity. CRCs provide vital resources and advice for SMEs, making cyber resilience accessible to everyone, even those with limited in-house IT resources or knowledge.

As seasoned industry experts, CyberSmart will also be using its platform as a National Ambassador to share its wealth of cybersecurity knowledge and research with SMEs across the country, including through NCRCG’s CyberVersed podcast series.

Jamie Akhtar, CEO of CyberSmart, said: “At CyberSmart, we’re proud to join NCRCG as National Ambassadors. Our mission to support, educate and empower UK SMEs, and the MSPs that serve them, on the importance of cybersecurity aligns with that of NCRCG. Whereas many advanced cybersecurity solutions primarily cater to enterprises, SMEs are often underserved, lacking affordable access and dedicated support, despite being major targets. Through initiatives like the UK government Cyber Essentials scheme, we’re able to help establish a baseline security standard for SMEs, which is crucial for supply chain integrity. As SMEs find themselves targeted more heavily by cybercriminals, it is essential that we educate and support these critical organisations.”

“Joanna Goddard, Chief Experience Officer at NCRCG, said: “CyberSmart is a fantastic asset to our National Ambassador cohort and, with the organisation’s links to Managed Service Providers in particular, will enable us to tap into a sector which plays a critical role in contributing to the UK’s cyber resilience.”

“Millions of small and medium-sized businesses across the country rely on the IT support and advice provided to them by their MSPs, however many are still not benefiting from any cyber security support which is a significant missing piece of the puzzle. It is therefore essential that we raise awareness amongst MSPs of the CRC network and where their customers can go for additional, police-backed help.”

“We are so pleased to be working with CyberSmart on this and to be welcoming them on board at such an opportune moment in the cyber security calendar.”

The post CyberSmart Become a National Ambassador of the NCRCG appeared first on IT Security Guru.

As concerns regarding AI-driven fraud, impersonation, and digital deception continue to grow, new research from VerifyLabs.AI has revealed that over a third (35%) of Brits said deepfake nudes (non-consensual intimate imagery) or videos of themselves or their child were what they feared most when it came to deepfakes. This fear was even more pronounced among younger age groups, with 50% of 16-34 year olds identifying it as their biggest worry. 

More than one in three people surveyed (36%) also said they worry about the potential harm deepfakes could cause to their family and friends. These findings highlight the very real emotional and psychological harm deepfakes can cause when used maliciously against individuals or their families.

The survey of 1,000 adults also found that more than half (55%) are most concerned about deepfakes being used for financial scams and fraud. Nearly half (47%) of respondents stated their greatest fear was sophisticated business fraud, including blackmail, criminal activity, and the risk of losing their life savings. A further 44% fear AI-generated deepfake technology could be used to access personal or sensitive information without consent. 

Other findings: 

• Growing public demand for deepfake detection tools to be made widely available – 57% of respondents said they would be likely to use a deepfake detection feature if it were offered by a trusted organisation, such as their bank or employer, highlighting a clear public appetite for solutions to safeguard everyday communications.
• One in ten Brits still aren’t sure what constitutes a deepfake call – A worrying state underscoring the need for greater public awareness to help people protect themselves from audio-based deepfake scams.

The findings coincide with the launch of the VerifyLabs.AI Deepfake Detector, a Deepfake Detector suite of tools designed specifically for individuals and professionals to quickly and easily identify AI-generated threats hidden in images, video, and audio. For the first time, advanced deepfake detection technology, once reserved for governments and large corporations, is now accessible for everyday use, empowering people to protect themselves both at home and in the workplace.

“Not all deepfakes are bad, a meme or a bit of satire can be harmless fun but when they’re used to mislead, scam, abuse, or incite hate, they can be devastating for the people targeted,” comments Nick Knupffer, CEO of VerifyLabs.AI. “VerifyLabs.AI, gives people the opportunity to take back control of their own online safety and easily identify when things are not quite what they seem. Whether it’s used to support compliance, confirm someone’s identity, or check for signs of fraud, it puts the power of deepfake detection directly into people’s hands, taking away the control of the criminals.”

Operating at up to 98% accuracy, the VerifyLabs.AI Deepfake Detector tool uses powerful pattern analysis to detect the subtle clues left behind by AI-generated material. Whether it’s images, audio or video, the technology examines content frame by frame, word by word, and pixel by pixel to determine whether it’s been created by a human or machine. The system looks for tell-tale signs, from unnatural lighting and facial anomalies in video to overly polished writing and robotic voice patterns, which humans typically miss.The VerifyLabs.AI Deepfake Detector is currently available as a browser extension or as an app for iOS (Apple iPhone), with an Android version coming soon.

The post New research from VerifyLabs.AI highlights the nation’s fears when it comes to deepfakes appeared first on IT Security Guru.

Huntress has entered into its first distribution partnership, teaming up with global cloud solutions provider Sherweb to broaden access to its cybersecurity products among managed service providers (MSPs) in North America, Ireland, and the UK.

Under the new agreement, all Huntress solutions will be available through the Sherweb Marketplace, giving MSPs access to the company’s endpoint, identity, data, and employee protection tools. Each product is backed by Huntress’ 24/7 AI-assisted security operations center (SOC).

The partnership signals a significant step in Huntress’ global expansion strategy. Sherweb will work closely with the Huntress team to support MSPs with sales, onboarding, and account management, reflecting what both companies describe as a shared, partner-first philosophy.

“For the last decade, we’ve been in the trenches with the MSP community, working together to protect the businesses that keep the global economy running,” said Kyle Hanslovan, CEO and Cofounder at Huntress. “When it came time to expand our reach, we weren’t looking for just any partner—we were looking for a badass ally who values relationships over transactions and knows MSPs deserve more than cookie-cutter solutions. Sherweb’s culture, commitment to quality, and partner-first mindset make them the perfect fit. Together, we’re not just scaling globally—we’re leveling the playing field, making enterprise-grade cybersecurity accessible to every MSP, and giving hackers a run for their money.”

For Sherweb, which has operated in the MSP channel for more than 25 years, the partnership adds a suite of cybersecurity tools to its portfolio, including Huntress’ Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), Security Information and Event Management (SIEM), and Security Awareness Training (SAT) solutions.

“This partnership with Huntress is a natural fit, as we both share a deep commitment to empowering MSPs,” said Matthew Cassar, Co-CEO of Sherweb. “As Huntress’ first global cloud distributor, we’re proud to bring their powerful security solutions to partners in North America through our growing marketplace and to MSPs in Europe through MicroWarehouse, our Ireland-based subsidiary. Together, we’re helping IT solution providers protect clients of all sizes and adapt to the industry’s fast-changing demands.”

The deal also highlights Huntress’ focus on scaling its presence in international markets while maintaining its hands-on support model. Sherweb’s established MSP ecosystem and its alignment with Huntress’ partner-led culture were key factors in forming the alliance.

Huntress products will be available on the Sherweb Marketplace in the coming weeks.

The post Huntress Partners with Sherweb in First Global Distribution Deal to Expand MSP Cybersecurity Reach appeared first on IT Security Guru.

KnowBe4, the platform that comprehensively addresses human and agentic AI risk management, today announced its inclusion in the Microsoft Security Store Partner Ecosystem. KnowBe4 was selected based on their proven experience with Microsoft Security technologies, willingness to explore and provide feedback on cutting edge functionality, and close relationship with Microsoft.

“We are honoured to be a launch partner for the Microsoft Security Store Partner Ecosystem, which reinforces our commitment to providing customers with seamless, integrated security offerings,” said Stuart Clark, senior vice president of product management, KnowBe4. “This collaboration enables us to deliver our world-class human and agentic AI risk management platform directly through Microsoft’s trusted marketplace. KnowBe4’s AI powered human risk management in combination with Microsoft Security offerings allows our customers to build a robust cyber defence in depth strategy. This partnership exemplifies how the collective expertise within Microsoft’s network drives better security outcomes for businesses of all sizes.”

“The Microsoft Security Store is designed to simplify and strengthen how organisations approach cybersecurity. By offering a curated selection of trusted solutions and AI agents, we help Security and IT teams quickly find, purchase, and deploy technologies that integrate seamlessly with Microsoft Security. With simplified billing, streamlined deployment, and verified integrations, the Security Store empowers defenders to accelerate their response, improve their security posture, and focus on what matters most.” -Dorothy Li, corporate vice president, Security Copilot, Ecosystem and Marketplace, Microsoft.

KnowBe4 is collaborating with Microsoft to help shape the development of the Microsoft Security Store, providing feedback on new features, integration experiences, and customer needs. By publishing certified offerings and AI agents that integrate seamlessly with Microsoft Security products, KnowBe4 is making it easier for organisations to discover, purchase, and deploy trusted security technologies. Through the Security Store, KnowBe4 is helping customers accelerate their security outcomes and simplify operations with products that are vetted, easy to deploy, and designed to work together.

The Microsoft Security Store is setting a new benchmark for cybersecurity procurement and deployment. By centralising a wide range of security solutions and AI agents—organisations can now streamline how they discover, acquire, and operationalise advanced security technologies. With features like industry framework alignment, simplified billing, and guided deployment, the Security Store helps security teams reduce complexity, accelerate adoption, and maximise the value of their security investment.

The post KnowBe4 Is a Proud Participant in the Microsoft Security Store Partner Ecosystem appeared first on IT Security Guru.

Check Point Software Technologies and Wiz have expanded their partnership with the launch of a fully integrated cloud security solution that combines Check Point’s prevention-first cloud network security with Wiz’s Cloud-Native Application Protection Platform (CNAPP).

The collaboration, first announced in February 2025, has now reached general availability. The joint offering is designed to help enterprises tackle increasingly complex cloud security challenges by providing real-time visibility, AI-powered prevention, and more streamlined remediation.

“Showcasing the epitome of Check Point’s open-garden approach in action, this collaboration sets a new benchmark for unified cloud security,” said Paul Barbosa, VP of Cloud Security at Check Point. “Together with Wiz, we are delivering a prevention-first model that secures organisations from code to cloud, with real-time visibility and risk-aware remediation, without compromising on security.”

With enterprise networks becoming more distributed, security teams face growing challenges in protecting cloud environments. The integrated Check Point–Wiz solution aims to address these issues by offering customers a single platform for monitoring risks, reducing false positives, and mitigating threats at the gateway level before patches are available.

“This new capability gives customers visibility into CloudGuard gateway configurations directly in the Wiz platform,” said Oron Noah, VP of Product Extensibility and Partnerships at Wiz. “By integrating third-party virtual firewall policies into our risk assessment tools, we’re helping teams understand their exposure and take action faster.”

According to the two companies, the joint solution enables organisations to shift from remediation to prevention by blocking threats before they cause damage. It also enhances visibility and accelerates response, which reduces the time and resources required to address security issues. The integration is designed to help defend against zero-day attacks through AI-powered threat prevention, while also lowering configuration risks by identifying and fixing issues at the gateway level.

In addition, Wiz has introduced integration with Check Point’s Infinity Threat Exposure Management (CTEM), allowing security teams to automate gateway-based remediation flows. This reduces exposure times from hours to minutes by turning Wiz alerts directly into CloudGuard gateway actions.

Independent testing has previously validated Check Point’s prevention capabilities. CyberRatings.org reported a 100% block rate with zero false positives, while Miercom’s 2025 benchmark study found the company’s Infinity Platform achieved a 99.9% block rate against Zero+1 day malware and a 99.7% prevention rate for phishing.

The integrated Check Point–Wiz cloud security solution is now available globally.

The post Check Point and Wiz Roll Out Integrated Cloud Security Solution appeared first on IT Security Guru.

Despite a surge in spending on security awareness training (SAT), most organisations are still experiencing more incidents caused by human error, according to new research from Huntress.

The report, Mind the (Security) Gap: SAT in 2025, reveals that while 93% of organisations have increased their SAT budgets in the past three years, 94% saw a rise in security incidents linked to mistakes made by employees. The findings suggest that traditional training methods are not delivering the improvements businesses expect.

“Old-school security awareness training isn’t working. Organisations are pouring more money into it than ever, and yet, human error incidents are on the rise,” said Dima Kumets, Principal Product Manager at Huntress. “This gap between expectation and reality exists because training content is often developed in isolation, without meaningful collaboration with security experts. As a result, generalists without hands-on security experience create content that meets compliance requirements, but doesn’t drive meaningful behaviour change or lead to security outcomes that last.”

The study, based on an independent UserEvidence survey of 262 IT and security professionals who administer SAT and 260 employees whose companies provide it, exposes widespread weaknesses in legacy programmes. Among the main issues identified were ineffective outcomes, outdated content, and excessive administrative burden.

Key findings include:

• Perceived vs. real effectiveness: 93% of SAT administrators believe their programmes are effective, but more than half (57%) acknowledge that improved employee awareness could have prevented most or nearly all of their organisation’s security incidents.

• Outdated content: 88% of learners believe their training is effective, and 92% feel confident they would respond correctly in a security incident. Yet, 44% of administrators admit their training materials are often outdated or irrelevant, leaving staff overconfident and unprepared for modern threats.

• Administrative challenges: While 95% of administrators say their SAT programme is technically manageable, 61% spend at least 10 hours a month maintaining it, and 72% view it as a burden, suggesting the programmes are a time drain with limited return on security outcomes.

The Huntress findings align with research presented by UC San Diego Health at Black Hat USA 2025, which showed that annual, compliance-focused training alone does little to reduce the likelihood of employees falling for phishing scams. Experts argue that this “check-the-box” approach leaves organisations vulnerable, and that training should evolve into a more tailored, outcome-driven model.

According to Huntress, managed SAT programmes developed with security experts can ease the burden on administrators while ensuring that training is current, frequent, and relevant. This shift, the company argues, is critical to driving real behavioural change and reducing risk.

“Just because legacy SAT solutions have been ineffective in reducing human risk doesn’t mean SAT itself isn’t a valuable and necessary tool,” Kumets explained. “The answer certainly isn’t to throw more budget at the same ineffective training methods. But, by shifting to more outcome-driven training that is timely, relevant, and expertly managed, organisations can cultivate a proactive and resilient security culture that actually reduces human risk.”

The post Legacy Security Awareness Training Failing to Reduce Human Risk, Huntress Study Warns appeared first on IT Security Guru.

Online gaming relies on trust. Players share their email addresses, payment details, and activity data every time they log in. Without strong protection, that information could be exposed or misused. Platforms treat security as part of the service itself, not an extra feature. Encryption, identity checks, system defenses, and fraud monitoring all run in the background so players can enjoy the game without worrying about their data.

Encryption and Secure Connections

The first safety shield for online gaming is encryption. When players log in or make a payment, the information is scrambled on the way from device to server. Anyone trying to intercept it only sees unreadable code. Standard tools like SSL and TLS handle this step, protecting passwords, addresses, and payment details in transit.

The same approach is used once the data is stored. Company databases lock information with strong algorithms that make it useless without the right keys. Even if hackers manage to break in, what they find cannot be read. Protecting both live connections and stored records keeps private information safe on all fronts. This level of protection is just as important when playing titles like CS:GO (now known as CS2) or when wagering on CS2 esports events through betting apps. The best platforms not only secure your data but also deliver competitive CS2 betting odds, live streaming, in-play lines, and bonuses that make the experience more rewarding while keeping it safe. To learn more about these sites, betting expert Brett Curtis goes into great depth on the ins and outs of these platforms’ perks and security features. Essentially, keeping online gaming and even esports betting safe and enjoyable always comes back to strong encryption and a trusted security system.

Authentication and Identity Checks

Passwords are still required, but they are not enough on their own to ensure security. Most platforms now add two-factor authentication for extra security, which asks for a second code sent by text, email, or a mobile app. That extra step makes stolen credentials far less useful to attackers.

When money is involved, security goes further. Players are often asked to confirm their identity with official documents like a passport or driver’s licence. This process, called Know Your Customer, helps stop fraudsters from setting up fake accounts or hiding behind stolen details. By checking who is really behind each account, platforms keep the system fair and give players more confidence that their transactions are secure.

Protecting Infrastructure

Every online game runs on servers, and those servers are always a target. Firewalls block bad traffic before it gets close. Monitoring tools then keep an eye out for odd behavior, like endless failed logins or sudden bursts of data moving around.

Platforms also bring in outside experts to run penetration tests, which are controlled attempts to break in. These tests often expose weak spots that internal teams might not notice. By fixing those issues and keeping systems under constant watch, companies make it much harder for attackers to find a way through.

Limiting Data Exposure

Security is not only about building walls around information but also about reducing how much data is there in the first place. Many platforms use data masking, which replaces real values with fake ones when the original information is not needed. Tokenization goes further by swapping sensitive details like card numbers with stand-ins that only work inside secure systems.

Data minimization follows the same idea. Platforms collect only what they need to run accounts and process payments instead of holding on to extra details. Keeping less data on file means that, even if a breach happens, there is less for attackers to steal.

Compliance with Laws and Privacy Standards

Online gaming relies on trust, with players sharing emails, payment details, and activity data each time they log in. Security is built into the service itself through encryption, identity checks, system defenses, and fraud monitoring, while laws like Europe’s GDPR ensure protection goes beyond empty promises by setting strict rules for how data is collected, stored, and shared. Platforms that ignore these standards risk fines and reputational damage, while clear privacy policies show players exactly how their details are handled, proving that security is treated as a responsibility rather than an afterthought.

Training and Internal Controls

Even strong systems can fail if people make mistakes, which is why companies train staff to spot phishing scams, social engineering, and other tricks aimed at bypassing defenses. Employees are taught to handle sensitive data carefully and report anything suspicious, while access is limited to only what their roles require. Every action on critical systems is logged, making unusual behaviour easier to detect. Combining training with strict access controls reduces the risk of human error or abuse, leading to a breach.

Fraud Prevention

Fraud is a constant risk in online gaming, so platforms treat it seriously. Payments go through secure gateways that protect financial details and block unauthorized transactions. At the same time, monitoring systems watch for red flags like multiple accounts on one card or sudden spikes in spending. Suspicious accounts are reviewed fast and often frozen before players are affected. Strong fraud checks stop scammers from abusing the system and give players confidence that both their money and the game itself are safe.

The post How Do Online Gaming Sites Keep Players and Their Data Safe? appeared first on IT Security Guru.

Check Point has once again been recognised as one of the World’s Best Companies of 2025 by TIME and Statista. This marks the second consecutive year that Check Point has been featured on the list, reflecting its strong employee satisfaction, consistent revenue growth, and commitment to transparency in sustainability.

“Being recognised on TIME and Statista’s list of the World’s Best Companies of 2025 is an incredible honour,” said Sigal Gillmore, Chief Human Resources Officer, at Check Point Software Technologies. “This achievement reflects the innovation, dedication, and passion of our people worldwide. It underscores our commitment not only to shaping the future of cybersecurity, but also to fostering a workplace where talent thrives and employees are proud to belong.”

The ranking is based on three global surveys conducted in partnership with Statista. To evaluate employee satisfaction, Statista surveyed more than 200,000 workers worldwide about their views on their own employers as well as their perceptions of other companies. For revenue growth, the analysis considered organisations that demonstrated consistent positive revenue growth over the past three years. To assess sustainability transparency, Statista examined companies’ environmental and social efforts, as well as their annual Corporate Social Responsibility (CSR) reporting.

In addition to being named one of the World’s Best Companies of 2025, Check Point has earned multiple other distinctions. The company has been recognised five times as the World’s Best Cybersecurity Employer by Forbes, honoured as a Best Company to Work For by US News & World Report, named one of America’s Best Cybersecurity Companies by Newsweek and Statista, and included on Fast Company’s World Changing Ideas 2024 list, among other accolades.

The post Check Point Software Named Among World’s Best Companies 2025 by TIME and Statista appeared first on IT Security Guru.

The Turing Test measures machine intelligence by assessing whether an AI can engage in conversations indistinguishable from those of a human. Conceptualized by Alan Turing in 1950, the Turing Test originally qualified a computer’s capacity for human-like intelligence by its ability to imitate human-like responses and reasoning in natural language dialogue.

Yet as large language models demonstrate increasingly sophisticated conversational abilities, experts like Hassan Taher question whether this decades-old framework adequately measures what matters most in AI development.

Hassan Taher, founder of Taher AI Solutions and author of several influential works on artificial intelligence ethics, has been examining how evolving AI capabilities challenge conventional assessment methods. His analysis comes at a time when multiple AI systems have claimed to pass variations of the Turing Test, raising fundamental questions about what these achievements actually signify for the field.

What Is The Turing Test? Understanding the Test’s Original Framework

Alan Turing’s 1950 paper “Computing Machinery and Intelligence” replaced the abstract question “Can machines think?” with a more measurable alternative: “Can machines do what we (as thinking entities) can do?”. The test involves three participants—a human interrogator, a human respondent, and a machine—communicating through text-based interfaces to prevent physical bias.

The machine’s objective centers on convincing the interrogator it is human, while the human respondent helps the interrogator make correct identifications. Success occurs when interrogators cannot reliably distinguish between human and machine responses.

This framework measures conversational mimicry rather than consciousness or true understanding. Critics have long argued that machines could pass through behavioral simulation without genuine comprehension, a limitation that becomes more pronounced as AI systems grow more sophisticated.

Has an AI Passed the Turing Test? Recent Claims of AI Passing the Test

Several AI systems have claimed victories against the Turing Test, though these achievements come with significant caveats. A March 2025 study involving GPT-4.5, LLaMa-3.1-405B, GPT-4o, and the 1960s chatbot ELIZA produced surprising results. GPT-4.5 was judged human 73% of the time when instructed to adopt human-like personas, while LLaMa-3.1 achieved a 56% human identification rate.

Perhaps most intriguingly, ELIZA—despite being developed in the 1960s—outperformed some modern systems in certain configurations. The study noted that ELIZA’s conservative responses and lack of “helpful, friendly, verbose” characteristics associated with contemporary AI led interrogators to mistake its limitations for human uncooperativeness.

Hassan Taher has observed that these results highlight a fundamental problem with the test’s design. By his analysis, the Turing Test measures deception capability rather than intelligence. The ability to fool humans in conversation may demonstrate sophisticated language processing, but it reveals little about reasoning, creativity, or genuine understanding.

Expert Detection Versus Public Perception

While AI systems may fool casual users, experts often expose their limitations through targeted questioning. Professional evaluators can identify AI responses by probing areas like mathematical consistency, rule-following precision, or knowledge boundaries that reveal training data limitations.

The “Human or Not?” online experiment, involving millions of participants, found that 32% of people could not distinguish between humans and machines. This suggests that public perception of AI capabilities may exceed the technology’s actual sophistication, creating gaps between marketing claims and technical reality.

Hassan Taher points to this disconnect as evidence that evaluation methods must evolve beyond simple deception tests. For organizations to be prepared for AI in the workplace, it’s more important to evaluate human vs. robot detection on the individual scale rather than a standardized one.

Modern Benchmarks Replace Outdated Frameworks

Recognition of the Turing Test’s limitations has driven the development of more sophisticated evaluation methods. FrontierMath tests abstract mathematical reasoning and multi-step problem-solving, emphasizing derivation over memorization. Humanity’s Last Exam evaluates cognitive and ethical capabilities across situational awareness, strategic decision-making, and social understanding.

RE-Bench focuses on reliability and explainability, testing error detection, consistency across scenarios, and robustness against manipulation attempts. These frameworks address critical concerns about AI safety, alignment with human values, and security considerations that the original Turing Test ignores entirely.

Hassan Taher has advocated for evaluation methods that prioritize practical utility over human mimicry. He argues that the goal should be building AI that augments human capabilities rather than simply imitating them.

Philosophical Questions About Machine Consciousness

Debates over AI consciousness have intensified as systems demonstrate increasingly human-like responses. The Chinese Room Argument suggests that perfect behavioral simulation doesn’t guarantee understanding, while questions about qualia and subjective experience remain unanswered.

These philosophical considerations carry practical implications. If AI systems achieve genuine consciousness, they may warrant rights similar to humans, creating ethical obligations for their treatment. Questions of moral responsibility arise when conscious AI systems cause harm, challenging existing legal and regulatory frameworks.

Hassan Taher has written extensively about these ethical dimensions of AI use. His work emphasizes the need for frameworks that address consciousness questions before they become urgent practical concerns, rather than reactive policy responses.

Business and Security Implications

The evolution beyond Turing Test metrics affects multiple industries. Customer service applications benefit from more natural interactions, while creative and programming assistance becomes more sophisticated. However, advanced AI systems also present new security challenges through adversarial attacks, prompt injection, and data poisoning vulnerabilities.

Financial and medical applications face particular scrutiny, as “black box” AI decisions require justification for trust and regulatory compliance. The explainability dilemma becomes more complex when AI systems exceed simple conversational tasks to perform analysis that affects human welfare and economic outcomes.

The Path Forward in AI Evaluation

Rather than celebrating artificial victories in outdated tests, the AI community faces pressure to develop meaningful benchmarks that address real-world performance and safety concerns. Hassan Taher’s perspective suggests that focusing on human augmentation rather than replacement offers more promising directions for AI development.

The shift from deception-based testing to capability-focused evaluation reflects growing recognition that AI’s value lies in its ability to solve complex problems rather than fool humans in conversation. This transition may prove more important than any individual system’s performance on tests designed for an earlier era of artificial intelligence development.

The post What Is the Turning Test? Hassan Taher Decodes the Turing Test’s Relevance in Modern AI appeared first on IT Security Guru.

Former Army Special Operations Intelligence specialist combines battlefield experience with cutting-edge cybersecurity expertise to revolutionize digital inheritance while addressing critical infrastructure vulnerabilities.

The cybersecurity landscape demands leaders who understand both technical complexity and operational reality under pressure. Glenn Devitt represents a rare convergence of these capabilities—a former U.S. Army Special Operations Intelligence veteran whose 11 years of military service, including deployments to Iraq and Afghanistan, where he earned two Bronze Star Medals, now drives innovation at the intersection of cybersecurity and digital estate planning.

Devitt’s journey from military intelligence to cybersecurity leadership exemplifies how battlefield-tested skills can be applied to civilian technology innovation. His current role as CEO and Founder of Digital Legacy AI addresses one of cybersecurity’s most overlooked vulnerabilities: the $84 trillion in digital assets preparing to transfer between generations without adequate security protocols.

“I was really good at working open source intelligence back then or creative ways of getting data,” Devitt noted during a recent interview, describing capabilities developed during counterintelligence operations that now inform his approach to digital asset security and automated inheritance systems.

The connection between military intelligence and cybersecurity extends beyond technical skills. Both domains require systematic threat assessment, operational security under adverse conditions, and the ability to anticipate adversary behavior patterns. Devitt’s specialization in Human Intelligence, Counterintelligence, and Digital Forensics during military service provided foundational experience in securing critical information while enabling authorized access—exactly the challenge facing digital inheritance today.

From Battlefield Intelligence to Elite Cybersecurity Training

Devitt’s transition from military service to cybersecurity began through the Department of Homeland Security’s H.E.R.O. (Human Exploitation Rescue Operative) program, which equipped special operations veterans with computer forensics expertise. This specialized training bridged his military intelligence background with civilian cybersecurity applications, demonstrating how operational experience could enhance digital threat detection and response capabilities.

His expertise has earned recognition in the most prestigious venues of cybersecurity. Devitt served as an instructor at BlackHat, the premier cybersecurity conference that brings together elite ethical hackers, CISOs, and security professionals from around the world. BlackHat conferences, held annually in Las Vegas and internationally, feature specialized cybersecurity training courses taught by industry experts, providing opportunities for hands-on technical skill-building across all experience levels.

The conference attracts thousands of cybersecurity professionals annually and is renowned for its cutting-edge research presentations on emerging threats, defensive techniques, and the development of security tools. Devitt’s role as an instructor positioned him among the recognized thought leaders in the community, bridging military intelligence with civilian cybersecurity education.

“You can’t rescue your way out of this,” Devitt explained, articulating the systematic approach that connects his military intelligence methodology with cybersecurity challenges. “It takes time to do an intelligence operation to really make the impact where you take down the whole operation.”

This strategic thinking influences his current work at Digital Legacy AI, where he applies security principles to protect family inheritances during America’s historic wealth transfer. The approach treats each digital estate like a classified operation requiring comprehensive threat assessment, secure storage protocols, and verified access procedures.

His BlackHat instruction experience also reflects the cybersecurity community’s recognition that military veterans bring unique perspectives to civilian security challenges. The conference’s emphasis on practical, hands-on training aligns with military training methodologies that prioritize operational effectiveness under real-world conditions.

Revolutionary Digital Forensics in Suicide Prevention

Devitt’s most groundbreaking cybersecurity application emerged during the 2020 pandemic when he joined Stop Soldier Suicide as Chief Technology Officer. There, he created the Black Box Project, a machine learning initiative that leveraged digital forensics to analyze the final year of veterans’ digital lives—examining smartphones, social media activity, and online behavior patterns to identify pre-suicidal indicators that traditional mental health screenings miss.

“I created a project called the Black Box Project where I did digital forensics on soldier cell phones that killed themselves,” Devitt explained during a recent interview. “So if you can do it for veterans, you can do it for teens, firefighters, and police.”

The project required navigating complex ethical and technical challenges while maintaining the highest cybersecurity standards. Families donated the devices of deceased veterans, trusting Devitt’s team to extract meaningful insights while protecting sensitive personal information. The work demanded operational security to prevent data breaches that could compound families’ trauma.

The Black Box Project achieved recognition as a U.S. Department of Veterans Affairs Mission Daybreak finalist, earning $3 million in federal funding out of over a thousand submissions. This validation demonstrated how cybersecurity expertise, when combined with humanitarian purpose, can create breakthrough innovations that save lives through data analysis.

The project’s success highlighted Devitt’s unique ability to bridge technical cybersecurity skills with operational impact. Where traditional suicide prevention relies on reactive interventions, his approach uses predictive analytics to identify at-risk individuals before crisis points—applying the same proactive threat assessment methodologies used in cybersecurity defense.

Cybersecurity for Digital Estate Protection

Glenn Devitt’s transition from suicide prevention to Digital Legacy AI reflects how cybersecurity expertise addresses emerging vulnerabilities in digital inheritance. His patent-protected blockchain technology applies military intelligence methodologies to protect family wealth during America’s $84 trillion Silver Tsunami—the unprecedented generational transfer that will occur through 2045.

Current cybersecurity frameworks fail catastrophically when applied to digital inheritance. Traditional authentication systems secure assets during an owner’s lifetime but provide no mechanisms for verified posthumous access. Estate planning attorneys report mounting professional liability concerns when digital assets become permanently inaccessible due to authentication failures.

“Companies have raised hundreds of millions in this space and they still haven’t figured it out,” Devitt explained during a recent content review meeting. “Luckily, I have a utility patent in this space, so it gives me some protection, but still, it’s a bitch to get this thing right.”

His breakthrough resolves the fundamental cybersecurity contradiction that complicates digital inheritance: maintaining absolute security during an owner’s lifetime while enabling verified access for legitimate heirs after death. The system combines blockchain verification with multi-factor authentication and air-gapped storage protocols—security measures adapted for civilian family protection.

The technology addresses what makes digital assets fundamentally different from traditional inheritance. Banks can transfer funds to estate executors upon receiving death certificates, but digital platforms lack equivalent mechanisms. Current cryptocurrency inheritance laws vary significantly by jurisdiction, with 47 states adopting the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA) as of February 2025.

Federal patent protection positions Digital Legacy AI uniquely as cybersecurity becomes essential infrastructure for inheritance planning. While competitors focus on password management, Devitt’s system integrates legal compliance frameworks designed for complex multigenerational estates, treating each digital legacy like a classified operation requiring comprehensive threat assessment and verified access procedures.

The post Digital Legacy AI CEO Glenn Devitt Bridges Military Intelligence and Cybersecurity appeared first on IT Security Guru.

Check Point Software has expanded its Harmony SASE offering with the launch of Enterprise Browser, a tool designed to close one of the biggest gaps in enterprise security: unmanaged devices.

The new feature extends Zero Trust protections to personal laptops, contractor devices, and third-party endpoints without requiring agents or corporate ownership. Built on Chromium, the Enterprise Browser creates an isolated, ephemeral workspace that applies enterprise-grade security controls during each session, removing all sensitive data once the session is closed.

Unmanaged devices are a growing blind spot for organisations as hybrid work and third-party ecosystems expand. They expose companies to risks such as data leakage, compliance failures, and limited visibility into device health. Traditional approaches, such as issuing laptops or relying on VPNs, are often costly, slow to deploy, and insufficient for meeting regulatory standards, including HIPAA, GDPR, and NIS2.

“Enterprises can no longer afford to choose between productivity and security,” said Amit Bareket, VP of SASE at Check Point. “Check Point Enterprise Browser delivers both. It enables fast, frictionless access for third parties and BYOD users, while giving IT teams stronger control, compliance, and visibility on devices they don’t manage. With the Enterprise Browser for BYOD and Harmony Browse for managed devices Check Point delivers robust browser security for our customers.”

Among its key capabilities, Enterprise Browser provides data isolation and automatic wipe at session close, integrated data loss prevention (DLP), agentless posture checks, complete session visibility for compliance, and unified integration with Check Point Harmony SASE and Agentless ZTNA.

The launch aims to give businesses stronger control over unmanaged devices, accelerating onboarding for third parties, ensuring compliance on untrusted endpoints, and reducing IT overhead by eliminating workarounds such as shipping laptops.

Check Point Enterprise Browser is available globally as part of the Harmony SASE suite.

The post Check Point Unveils Enterprise Browser to Secure BYOD and Third-Party Devices appeared first on IT Security Guru.

What is Usenet?

Have you ever heard of Usenet? It might sound like a relic from the past, but nothing could be further from the truth. Usenet is a globally distributed network that has been around since the ’80s and is still very much alive. It offers access to newsgroups where you can find all kinds of content, from text messages to binary files like videos and software. But what makes Usenet so special in this modern age of the internet and social media?

The Benefits of Usenet Access

Fast and Unlimited Access

One of the biggest advantages of Usenet is speed. Unlike traditional download methods, Usenet offers lightning-fast downloads without limitations. This means you can grab large files without having to wait or worry about bandwidth restrictions. For anyone who wants quick access to information or media, this is a game-changer.

Global Reach

Usenet isn’t tied down by geographical restrictions. Whether you’re in the United States or on the other side of the world, you always have access to the same newsgroups and content. This makes it an ideal solution for people who travel frequently or live in countries where certain internet services are restricted.

Privacy and Security on Usenet

Strong Privacy Measures

In an era where online privacy is becoming increasingly important, Usenet offers a safe haven. Many Usenet providers emphasize strong privacy measures to protect your data. This means you can remain anonymous while accessing newsgroups and downloading content.

Using VPN with Usenet

To further enhance your privacy, you can use a VPN (virtual private network) in combination with Usenet. A VPN encrypts your internet connection, making it harder for third parties to track your online activities. This is especially useful if you want to download sensitive information or just stay anonymous.

Automating Downloads

Best Usenet Clients

There are various clients available that make using Usenet simpler. This software helps you search for NZB files (the index files that point to content on Usenet) and automatically download them. Popular options include SABnzbd and NZBGet, both offering user-friendly interfaces and compatibility with different operating systems.

Automation Tools like SickBeard and CouchPotato

For those who want to automate their downloads, tools like SickBeard and CouchPotato are a godsend. These programs can automatically download new episodes of TV series or movies as soon as they become available on Usenet. This not only saves you time but also ensures you’re always up-to-date with the latest releases.

Security on Usenet

Encrypted Connections

Many modern Usenet providers offer SSL encryption for their connections. This means all data sent between you and the server is encrypted and can’t easily be intercepted by malicious actors. This adds an extra layer of security to your online activities.

Reliable Providers

Choosing a reliable provider is essential for ensuring both speed and security on Usenet. Usenet from Newsdemon stands out for its strong commitment to privacy and security, making it an excellent choice for anyone serious about protecting their data and maintaining IT security.

Usenet offers a unique combination of speed, unlimited access, and strong privacy measures that are hard to match by other services. Whether you’re interested in fast downloads, global accessibility, or just want to stay anonymous online, Usenet has something to offer everyone.

So what are you waiting for? Discover the power of Usenet yourself and see how this old technology has adapted to meet modern demands for speed and privacy!

The post Discover the Power of Usenet for Global Access and Privacy appeared first on IT Security Guru.

Check Point Software has been recognized as a Leader in the 2025 Gartner® Magic Quadrant for Hybrid Mesh Firewalls, with the research firm citing the company’s execution and completeness of vision.

The recognition highlights Check Point’s approach to hybrid mesh network security, designed to deliver high-performance firewall protection across on-premises, cloud, and SASE environments. According to the company, this enables organisations to stay ahead of evolving cyber threats while consolidating security management across distributed networks.

Tackling the modern enterprise challenge

Enterprises today face increasingly complex security challenges as their networks expand across multiple environments. With the attack surface now “virtually everywhere,” organisations often struggle to close security gaps, particularly when dealing with siloed systems and fast-moving cyber threats.

Check Point says its Hybrid Mesh Network Security is designed to address this by delivering AI-powered, real-time threat prevention, consistent zero-trust security, and unified management across distributed infrastructures.

“We are honored to be acknowledged as a Leader in the Gartner® Magic Quadrant for Hybrid Mesh Firewalls,” said Nataly Kremer, Chief Product Officer at Check Point Software. “Our open platform approach delivers industry-leading network security with the flexibility to integrate with third-party systems. As a longstanding cybersecurity leader, we are committed to providing organisations the agility, optimal user experience, and cost efficiency they need to stay protected.”

Key differentiators driving recognition

Check Point attributes its placement in the Magic Quadrant to several factors:

• AI-Powered Threat Prevention: Powered by Infinity ThreatCloud AI, the company claims its security delivers real-time intelligence from millions of endpoints and over 150,000 networks, blocking 99.9% of cyberattacks.

• Unified Management: A centralised system provides orchestrated protection across access points, eliminating silos, improving visibility and compliance, and enabling proactive firewall performance management with AIOps.

• Open Platform: With an open, modular architecture and over 250 integrations, the platform enables organisations to build customizable, multi-vendor security stacks supported by automation and AI-driven tools.

Customers highlight operational impact

Check Point’s customers point to the benefits of consolidating and simplifying security operations.

“We wanted to have a single pane of glass to monitor the security of our inside network as well as our perimeter and cloud applications. Our team leverages Check Point Quantum Firewalls, Quantum Maestro Hyperscale Network Security, CloudGuard and Harmony Email Security & Collaboration to prevent threats across the organisation’s entire attack surface. Check Point gives us a great way to consolidate that security viewpoint, so we’re not jumping between different systems if an alert comes up,” said Chris Newman, Senior IT Director, Denver Broncos. “It frees my team up to focus on other areas of technology that we have to tackle, especially during game day.”

Check Point maintains that its continued recognition as a Leader reflects its strategy to deliver consistent, AI-driven threat prevention while giving organisations the flexibility to integrate with existing environments.

The post Check Point Named Leader in Gartner 2025 Magic Quadrant for Hybrid Mesh Firewalls appeared first on IT Security Guru.

KnowBe4, the human risk management cybersecurity platform, has released its latest research paper “Financial Sector Threats Report,” uncovering critical insights into the escalating cybersecurity crisis facing the global financial sector. The report shows that financial institutions face a perfect storm of AI-enhanced attacks, credential theft and supply chain vulnerabilities that pose systemic risks to the global financial industry.

The research reveals almost all (97%) of major U.S. banks experienced third-party breaches in 2024, while targeted intrusions against financial institutions increased by 109% year-over-year. Most concerning, tests in large financial institutions found that nearly 45% of employees were likely to click on a malicious link or download an infected file, creating entry points for threat actors. The report highlights how threat actors are leveraging AI tools like FraudGPT and ElevenLabs to create more convincing phishing campaigns, while simultaneously moving away from traditional ransomware encryption toward data exfiltration and multi-stage extortion schemes. This evolution allows attackers to use legitimate credentials, making detection significantly more challenging. According to Federal Reserve Bank of New York Staff Reports, even a single day’s disruption in payments by major banks could affect 38% of network banks globally.

Key findings from the report:

●      Financial service firms globally experience up to 300 times more cyberattacks annually than other industries, with a 25% year-on-year increase in intrusion events for 2024.

●      97% of the largest U.S. banks suffered third-party breaches in 2024, while 100% of Europe’s top financial firms suffered supplier breaches, highlighting vulnerabilities in vendor ecosystems.

●      Analysis of over three million dark web posts shows stolen credentials far outpace credit card theft; infostealer infection attempts increased 58% in 2024 and 68% of attacks originating from email.

●      The U.S. accounts for 60% of all ransomware attacks against financial institutions, with the U.S. and U.K. together representing over 70% of attacks, with increasing activity targeting emerging markets in South Asia and Latin America.

●      Large financial institutions show 44.7% Phish-prone^TM Percentage (PPP) rates initially, but comprehensive security awareness training reduces phishing susceptibility to below 5%.

“Adversaries are gaining an advantage against the financial sector,” said James McQuiggan, security awareness advocate at KnowBe4. “Traditional defenses are no longer sufficient and threat actors discovered stealing valid credentials is more effective than ransomware because it allows them to move undetected. The battle comes down to the human level. Financial institutions must prioritize human risk management to close this critical security gap.”

Download the full KnowBe4 report “Financial Sector Threats: The Shifting Landscape” here. 

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization’s biggest asset. More info at knowbe4.com.

Follow KnowBe4 on LinkedIn and X.

The post KnowBe4 Report Reveals Global Financial Sector Faces Unprecedented Cyber Threat Surge appeared first on IT Security Guru.

KnowBe4, the security training provider, today released a new report entitled Navigating Cyber Threats: Infosecurity Europe 2025 Findings. The findings show that cybersecurity professionals are sounding the alarm; not about increasingly sophisticated cyber threats, but about something far more human –  distraction. The new research from KnowBe4, surveyed more than 100 security professionals during the Infosecurity Europe 2025 conference to gauge the current state of cybersecurity concerns.

The main findings of the report include:

• Distraction is a Top Cybersecurity Weakness: Distraction (43%) and lack of security awareness training (41%) are identified as primary reasons employees fall victim to cyberattacks, rather than attack sophistication.
• Phishing Remains Dominant: Phishing is the leading threat (74%), with impersonation of executives or trusted colleagues being the most common tactic. AI-generated threats are not yet dominant but fears about their rise are growing.
• Cybersecurity Spending Increase with Alignment Gaps: 65% of organisations plan to increase cybersecurity budgets, with top investment areas including email security and security awareness training. However, there is a disconnect between perceived effectiveness of AI-based tools (32% believe greatest impact) and their prioritisation for funding (26%).
• Anticipation of the AI Tipping Point: 60% of organisations fear the rise of AI-generated threats, suggesting preparation for future threats while still dealing with current human risks.
• The Confidence Paradox: Nearly 90% of respondents express confidence in their ability to respond to cyberattacks, which appears inconsistent with breach frequency and known vulnerabilities. This overconfidence is considered a risk in itself.

“Cyber risk is not just about advanced technology; it is about human bandwidth and the cognitive load of today’s fast-paced digital workplace,” said Javvad Malik, lead cybersecurity awareness advocate at KnowBe4. “The findings highlight that bridging the gap between perceived value and investment in integrated human risk management is crucial. Overconfidence, a risk in itself, further underscores the need to validate defences and support employees in making secure decisions amidst distractions, especially as we prepare for the rising tide of AI-generated threats.”

The report concludes with key recommendations for organisations looking to close the gap between threats and defences, with top tips on how to embrace human risk management, strengthen core security and build organisational resilience.

The full report is available to read here.

This report comes after recent research from KnowBe4 that revealed a spike in phishing attacks in 2025.

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behaviour against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation’s biggest asset. More at https://knowbe4.com.

Follow KnowBe4 on Linkedin and X.

The post KnowBe4 Finds Top Cybersecurity Risk is Employee Distraction, Not Threat Sophistication appeared first on IT Security Guru.

Workday, a leading provider of human resources and financial management software, has confirmed that it fell victim to a data breach stemming from a social engineering attack targeting a third-party Customer Relationship Management (CRM) system. According to the company, the breach did not impact its customer tenants or the secure data therein; instead, the compromised system contained primarily “commonly available business contact information,” including names, email addresses, and phone numbers.

Threat actors initiated the breach through a coordinated social engineering campaign. They reached out to Workday employees via SMS or phone calls, impersonating internal HR or IT personnel. These attackers tricked employees into granting access or revealing personal details, allowing them to infiltrate the CRM platform, likely Salesforce-based, via malicious OAuth applications.

Commenting on the incident, Dray Agha, senior manager of security operations at Huntress, said, “This incident underscores three non-negotiable defences: Eliminate OAuth blind spots, and enforce strict allow-listing for third-party app integrations and review connections at regular intervals. Adopt phishing-resistant MFA: Hardware tokens are essential, as ‘MFA fatigue’ attacks remain trivial. A huge number of attacks begin with social engineering, users being deceived, and user enrolment in execution of malware – effective security awareness training is a must for any organisation that wishes to repudiate cyber attacks.”

Workday discovered the breach on August 6, 2025, and made the incident public on August 15 via a blog post. Upon identifying the breach, Workday promptly blocked unauthorised access and implemented additional safeguards across its systems. The company emphasised that its customer-facing environments remain uncompromised and urged stakeholders to remain vigilant against phishing and impersonation attempts, reminding users that official communications will never be made via phone requesting passwords or sensitive information.

Tim Ward, CEO and co-founder at Redflags, warned that even limited data can have a wider impact: “Workday’s warning is correct; any information that attackers can use to increase ‘familiarity’ in subsequent social engineering attacks will significantly increase their impact. Psychological effects like authority bias, cognitive ease, social proof, and the mere exposure effect mean we are more likely to trust communications from them and be less likely to check for or notice telltale signs of social engineering. A healthy scepticism combined with helpful security awareness nudges at the point of risk to help encourage caution can be critical to protect people in organisations from these threats.”

The methods used highlight how manipulative such campaigns can be. Boris Cipot, senior security engineer at Black Duck, explained: “Social engineering is a manipulative attack method that relies on psychology and social interaction skills to deceive victims into releasing sensitive information. Attackers trick victims into performing actions that aid in gaining access to sensitive information, often requiring multiple interactions and ‘internal’ information to appear legitimate.

To protect against social engineering, organisations should establish and enforce strict procedures for handling sensitive information, such as not providing information over the phone, even to high-ranking executives, including the CEO. Employees should be aware of these procedures and understand that they will not be penalised for refusing to provide information or assist someone impersonating a superior.

The victims of the data breach should be careful. Workday should remain cautious and be aware of potential scams, phishing attacks, and social engineering techniques. Although the breached information may be limited to commonly known business data in this case, individuals should still be vigilant to avoid falling prey to further attacks.”

This is not an isolated incident. Similar campaigns have targeted other high-profile organisations, including Google, Adidas, and Qantas. Jamie Akhtar, CEO and co-founder at CyberSmart, said the breach highlights how far social engineering has evolved: “This breach demonstrates two things. Firstly, given that Workday is the latest in a long list that includes Adidas, Qantas, Google, and Air France-KLM to be compromised in this way, it shows how effective and sophisticated social engineering campaigns have become. Targeting specific employees with a target business is a long way from traditional ‘spray and pray’ phishing campaigns.

Second, it highlights the need for every business to engage in proper, targeted cybersecurity awareness training. It’s very difficult to completely eliminate social engineering threats through technical means alone. After all, it only takes one staff member to be duped by a clever scam for the whole thing to come crashing down. Therefore, businesses need to focus on staff training. Training your people to be constantly on the alert for potential threats and to recognise them is the most effective way to counter social engineering.”

Darren Guccione, CEO and co-founder of Keeper Security, warned that third-party systems must be treated as part of the enterprise attack surface:
“The data breach impacting Workday is a perfect illustration of the persistent and evolving risk posed by social engineering tactics targeting third-party platforms. The situation is reflective of a troubling trend across enterprise software vendors, and it appears connected to a broader wave of recent attacks similarly targeting CRM systems at multiple global enterprises via sophisticated social engineering and OAuth-based tactics.

Even when primary systems remain intact, external integration points can serve as gateways for attackers. These third-party ecosystems often are not subjected to the same level of scrutiny and control as the internal environments.

Attackers will therefore impersonate HR or IT personnel via phone and text to trick individuals into granting access or divulging sensitive information. Although the data accessed may appear limited, it can subsequently fuel highly targeted phishing or bespoke social engineering schemes on customers by using their own personal data.

Organisations should therefore view third-party applications, vendor tools, and CRM systems as integral extension points of their own attack surface. They should restrict access to what is necessary, and implement Privileged Access Management (PAM), zero-trust architectures, and zero-knowledge approaches to limit exposure. They should require all partners and third-party platforms to undergo regular security assessments and continuous monitoring. Employees should be trained with frequent simulation testing in order to raise awareness. It’s also important that organisations deploy continuous monitoring and rapid response in order to flag and attend to any unusual access.

The Workday breach is not an isolated incident – it’s part of a broader, escalating digital threat landscape where malicious actors seek to exploit human trust, third-party tools, and misaligned legacy processes. Organisations must treat security as an enterprise-wide discipline, extending beyond the immediate perimeter, into every integration, every external vendor, and every employee interaction.”

Javvad Malik, Lead Security Awareness Advocate at KnowBe4, reinforced that technical controls have limits: “Social engineering continues to be the most common way organisations get breached, for this very reason, that technical controls have their limitations. We currently don’t have effective ways for technology to screen and block phone calls in the same way that we can reduce some of the risk with emails. So, it’s important to not only educate people on these risks, but to empower them to say no to any suspicious requests that may come in and follow a separate, more secure process. There needs to be wider awareness raised as the information stolen can be used to craft convincing follow-on scams, which could be used as a foothold to an even bigger attack.”

Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, added that companies need stronger internal processes: “Organisations like Workday need to put processes in place that will foil vishing calls like the ones that took down Workday. Companies need to train their employees and executives on how to recognise schemes like this, and provide ways to immediately contact IT when an attempt occurs. There should be security checklists put in place, requiring that they be completed before handing over any information or performing any actions that could be used to breach their servers.”

Finally, Chris Linnell, Associate Director of Data Privacy at Bridewell, cautioned that even seemingly low-risk breaches can escalate: “The recent disclosure by Workday regarding a breach of its third-party CRM platform has understandably raised concerns across the data protection and security community. On the surface, the impact appears to be low – primarily because the compromised data consists of business contact information, much of which is already publicly accessible. However, this should not lull organisations into complacency.

The real risk lies in the potential for targeted social engineering attacks. As seen in recent breaches involving high street chains like M&S, even seemingly innocuous contact details can be weaponised to craft convincing phishing or vishing campaigns. Workday customers and prospects should be particularly vigilant, as threat actors may exploit this data to impersonate Workday staff.

The good news is that Workday has confirmed the breach did not affect its core platform or customer tenant. This is a significant relief, especially given that Workday is widely used for HR and payroll processing, often involving sensitive and special category data. The confidentiality of employee data, such as health information, diversity metrics, and financial details, remains intact.

This incident underscores the ongoing need for robust employee training around social engineering. Traditional phishing simulations are no longer sufficient. Organisations must explore more creative and engaging methods to ensure that awareness messaging resonates and drives behavioural change.

Finally, the breach serves as a reminder of the importance of supply chain security. Organisations must ensure that their suppliers and partners embed strong controls across people, processes, and technology. As the saying goes, you’re only as strong as your weakest link.”

The Workday breach serves as a stark reminder that even when sensitive customer data is not directly exposed, attackers can still exploit seemingly benign information to launch more sophisticated campaigns. As experts agree, defending against these threats requires more than just technical safeguards; it demands a blend of rigorous employee training, resilient processes, and heightened scrutiny of third-party systems. With social engineering attacks growing in frequency and sophistication, organisations must treat every integration, every partner, and every employee as part of their security perimeter.

The post Workday Discloses Data Breach Following CRM-Targeted Social Engineering Attack appeared first on IT Security Guru.

Black Duck has released a new GitHub App designed to make it easier for development and security teams to automate security testing across their repositories. Now available in the GitHub Marketplace, the Black Duck Security GitHub App integrates with Polaris, Black Duck SCA, and Coverity, streamlining both onboarding and continuous synchronisation of GitHub repositories.

The integration allows teams to configure and run static application security testing (SAST) and software composition analysis (SCA) scans on projects at scale, whether in SaaS or on-premises environments. By embedding security checks directly into developer workflows, Black Duck aims to improve time to value and overall return on investment for its customers.

Among its key features, the GitHub App supports bulk onboarding of repositories, automated scans triggered by commits and pull requests, and integration of results directly into pull request comments. It also enables automated fix pull requests for open source vulnerabilities, customisable policy enforcement to block builds with violations, and SARIF report integration with GitHub Advanced Security dashboards.

According to Black Duck, the benefits for development and security teams include simplified scaling of security testing across entire application portfolios, reduced manual configuration effort, and fewer errors. Developers also gain direct access to security insights and remediation guidance within their existing GitHub workflows.

“By integrating Black Duck with GitHub, we’re empowering developers to build secure software faster and more efficiently than ever while supporting our true scale approach for both on-prem and SaaS environments,” said Scott Johnson, VP of Product Management at Black Duck. “Combining our industry-leading application security expertise with GitHub’s collaborative development platform further enables our customers to reduce risk, accelerate development velocity, and achieve a stronger security posture – all while maintaining the agility and speed that modern software development demands.”

The Black Duck Security GitHub App is now live in the GitHub Marketplace, where teams can begin automating their application security testing without leaving the GitHub ecosystem.

The post Black Duck Debuts GitHub App to Automate Security Scans at Scale appeared first on IT Security Guru.