Have a question? +971 56 404 0503
Tech Features
Making Sense of Identity Threat Risks
By David Warburton, Director, F5 Labs
The growing maturity of cloud computing, including shifts towards decentralized architectures and APIs, has highlighted the complexity of managing credentials in increasingly interconnected systems. It has also underlined the importance of managing non-human entities like servers, cloud workloads, third-party services, and mobile devices.
F5 Labs’ 2023 Identity Theft Report defines identity as an artifact that an entity uses to identify itself to a digital system – such as a workload, a computer, or an organization. Examples of digital identities include username/password pairs and other personally identifiable information or cryptographic artifacts such as digital certificates.
Digital identities cannot stand on their own. They require a system to accept and validate them. In other words, for a digital identity to function there must be at least two parties involved: an entity and an identity provider (IdP) that are responsible for issuing and vetting digital identities. However, not all organizations that provide resources are IdPs—many digital services rely on third-party IdPs such as Google, Facebook, Microsoft, or Apple to vet identities.
Based on our recent analysis, the three most prominent forms of attack in the identity threat arena currently are credential stuffing, phishing, and multi-factor authentication (MFA) bypass.
Credential stuffing
Credential stuffing is an attack on digital identity in which attackers use stolen username/password combinations from one identity provider to attempt to authenticate to other identity providers for malicious purposes, such as fraud.
It is a numbers game that hinges on the fact that people reuse passwords,
but the likelihood that any single publicly compromised password will work on another single web property is still small. Making credential stuffing profitable is all about maximizing the number of attempts, which requires automation.
Phishing
Phishing is perhaps rivaled only by denial of service (DoS) attacks in being fundamentally different from other kinds of attacks. It is an attack on digital identity, to be sure, but since it usually relies on a social engineering foothold, it is even more difficult to detect or prevent than credential stuffing.
Phishing attacks have two targets: there is the end user who is in possession of a digital identity, and there is the IdP, which the attacker will abuse once they’ve gotten credentials. Depending on the motives of the attacker and the nature of the system and the data it stores, the impact of a successful phishing trip can land primarily on the user (as in the case of bank fraud), solely on the organization (as in the case of compromised employee credentials), or somewhere in the middle.
On the attacker side, phishing can range from simple, hands-off solutions for unskilled actors to custom-built frameworks including infrastructure, hosting, and code. The most hands-off setup is the Phishing-as-a-service (PhaaS) approach in which the threat actor pays to gain access to a management panel containing the stolen credentials they want, and the rest is taken care of by the “vendor.”
Dark web research indicates that the most popular subtype of phishing service is best described as phishing infrastructure development, in which aspiring attackers buy phishing platforms, infrastructure, detection evasion tools, and viable target lists, but run them on their own.
Brokering phishing traffic, or pharming, is the practice of developing infrastructure and lures for the purposes of driving phishing traffic, and then selling that traffic to other threat actors who can capitalize on the reuse of credentials and collect credentials for other purposes.
Finally, the attacker community has a niche for those who exclusively rent out hosting services for phishing.
The most important tactical development in phishing is undoubtedly the rise of reverse proxy/ man-in-the-middle phishing tools (sometimes known as real-time phishing proxies or RTPPs), the best known of which are Evilginx and Modlishka. This is largely because it grants attackers the ability to capture most multi-factor authentication codes and replay them immediately to the target site facilitating MFA bypass but also making it less likely that the user victim will detect anything is amiss.
Multi-factor authentication (MFA) bypass
Recent years have seen attackers adopt a handful of different approaches to bypassing multi-factor authentication. The differences between these approaches are largely driven by what attackers are trying to accomplish and who they are attacking.
Nowadays, the reverse proxy approach has become the new standard for phishing technology, largely because of its ability to defeat most types of MFA.
MFA bypass tactics include:
- Malware. In mid-2022, F5 malware researchers published an analysis of a new strain of Android malware named MaliBot. While it primarily targeted online banking customers in Spain and Italy when it was first discovered, it had a wide range of capabilities, including the ability to create overlays for web pages to harvest credentials, collect codes from Google’s Authenticator app, capture other MFA codes including SMS single-use codes, and steal cookies.
- Social engineering. There are several variations of social engineering for bypassing MFA. Some target the owner of the identity, and some target telecommunications companies to take control of phone accounts.
- Social Engineering for MFA Code—Automated. These are attacks in which attackers make use of “robocallers” to make phone calls to the target, emulating an identity provider and asking the victim for an MFA code or one-time password (OTP).
- Social engineering for MFA code—Human. This is the same as the above approach except that the phone calls come from humans and not an automated system.
- SIM swaps. In this kind of attack, a threat actor obtains a SIM card for a mobile account that they want to compromise, allowing them to assume control of the victim’s phone number, allowing them to collect OTPs sent over SMS. There are several variations of this approach.
So, what does it all mean?
Identity threats are constant and continuous. Whereas a vulnerability represents unexpected and undesirable functionality, attacks on identity represent systems working exactly as designed. They are therefore “unpatchable” not only because we can’t shut users out, but because there isn’t anything technically broken.
This brings us back to the question of what digital identity really is. To go from real, human identity to digital identity, some abstraction is inevitable (by which we mean that none of us is reducible to our username-password pairs). We often teach about this abstraction in security by breaking it down to “something we know, something we have, and something we are.” It is this abstraction between the entity and the digital identity that attackers are exploiting, and this is the fundamental basis of identity risk.
By thinking about digital identities in this way, what we are really saying is that they are
a strategic threat on par with, but fundamentally different from, vulnerability management. With nothing to patch, each malicious request needs to be dealt with individually, as it were. If modern vulnerability management is all about prioritization, modern identity risk management is essentially all about the ability to detect bots and differentiate them from real human users. The next logical step is quantifying the error rate of detecting these attacker-controlled bots. This is the basis on which we can begin to manage the risk of
the “unpatchables.”
By Mansour Al Ajmi, CEO of X-Shift
Sustainable AI practices are no longer optional—they are essential for shaping technology that benefits both people and the planet. As artificial intelligence transforms industries from healthcare to transportation, the challenge is to ensure its growth is ethical, environmentally responsible, and socially inclusive. This means addressing not only energy efficiency and carbon reduction but also governance, fairness, and long-term societal impacts.
Why Sustainable AI Practices Go Beyond the Environment?
AI is now deeply embedded in investment strategies, medical diagnostics, media platforms, and public infrastructure. While reducing energy usage is vital, true sustainability also requires ethical governance and the elimination of bias.
For example, biased training datasets can unintentionally reinforce social inequality. Studies, such as those from the MIT Media Lab, have shown that some AI systems perform poorly with diverse populations, highlighting the risk of discrimination. Addressing this means conducting regular algorithmic audits, enforcing transparency, and ensuring diverse representation in AI development teams.
The Environmental Impact of AI
Training advanced AI models consumes enormous computational resources. The process can generate carbon emissions equivalent to hundreds of long-haul flights. To counter this, tech leaders are investing in renewable energy and designing energy-efficient processors and cooling systems.
However, sustainable AI practices should become the default, not the exception. From sourcing materials responsibly to rethinking hardware infrastructure, the focus must be on green innovation by design.
Embedding Sustainability at the Strategic Core
Sustainable AI practices work best when integrated into an organization’s core strategy. Aligning AI solutions with the UN’s Sustainable Development Goals (SDGs) can directly support climate action, reduce inequalities, and promote responsible consumption.
In the Middle East, initiatives like Saudi Arabia’s Vision 2030 and the UAE Strategy for Artificial Intelligence demonstrate how sustainability and AI can align with national priorities. These strategies not only meet ethical standards but also deliver competitive advantages, building consumer trust and fostering innovation.
Governance for Responsible AI
Strong governance is key to ensuring sustainable AI practices are upheld. Regulatory frameworks, such as the European Union’s AI Act, guide transparency, accountability, and fairness.
Governance should enable innovation while preventing harm. Public-private partnerships, global cooperation, and industry alliances are critical to creating ethical, scalable, and resilient AI ecosystems.
Preparing the Workforce for the AI Era
McKinsey estimates that AI adoption could displace up to 800 million jobs by 2030. Sustainable AI practices must include reskilling and upskilling initiatives to ensure inclusive economic growth.
By investing in training programs, organizations can help employees transition to new roles in AI-related fields. This proactive approach strengthens workforce agility and supports long-term resilience.
Leadership’s Role in Driving Sustainable AI Practices
AI can significantly advance sustainability goals, from optimizing supply chains to reducing environmental waste. Companies like Unilever are already using AI to achieve greener operations, proving its real-world potential.
Yet leadership commitment is essential. Executives must set measurable goals, model ethical behavior, and integrate sustainability into company culture. This ensures that sustainability is not a side project but a core business value.
The Shared Responsibility for a Sustainable AI Future
Creating a sustainable AI future requires collaboration between individuals, corporations, and governments. Citizens should stay informed and question how AI affects them. Companies must embed sustainability into their AI strategies, while governments need to establish policies that encourage responsible innovation.
By acting now, we can ensure AI evolves as a force for good—advancing technology without sacrificing ethics, equity, or environmental stewardship.
Check out our previous post on WHX Tech 2025 to Drive Global Digital Health Transformation
Epicor CMO Kerrie Jordan has been appointed to lead the company’s global marketing strategy. This move marks a pivotal moment in the enterprise software leader’s expansion. Epicor, known for its industry-specific solutions for the make, move, and sell economy, announced the news on August 12, 2025, in Dubai.
Jordan brings a rare combination of senior product innovation and strategic marketing expertise. She will strengthen the Epicor brand, expand market reach, and deepen customer engagement worldwide.
Epicor CMO Kerrie Jordan Brings Product and Market Expertise Together
Vaibhav Vohra, Epicor President and Chief Product & Technology Officer, eVaibhav Vohra, Epicor President and Chief Product & Technology Officer, emphasized the importance of the appointment.
“Kerrie’s ability to connect product strategy with market execution makes her an ideal fit. Her leadership has already shaped our Cognitive ERP vision, and we’re excited to see her bring that same energy and insight to our marketing efforts.”
Since joining Epicor in 2023 as Group Vice President of Product Management and ISV Partner Programs, Jordan has advanced the company’s Cognitive ERP roadmap. This AI-driven approach turns ERP from a system of record into a system of action and insight, empowering supply chain businesses to operate smarter and faster.
A Vision for Accelerated Innovation and Growth
In her new role, Jordan will unite product innovation, analytics, and go-to-market strategies to accelerate customer time-to-value. She will also foster innovation and support Epicor’s global expansion.
“I’m honored to expand my role at Epicor,” Jordan said. “Epicor is at the forefront of enabling essential businesses to thrive through AI-driven, connected technologies. I look forward to amplifying our impact, building stronger relationships with customers and partners, and driving growth across global markets.”
A Career Built on Technology Leadership
Before joining Epicor, Jordan served in senior product marketing positions at Oracle. She developed strategies for enterprise software solutions and helped drive adoption. Earlier in her career, she led strategic marketing programs for technology clients during her consulting roles at global marketing firms.
Jordan is a recognized voice in cloud ERP, digital transformation, and supply chain innovation. She hosts Epicor’s “Manufacturing the Future” podcast, which features industry leaders discussing trends shaping manufacturing and supply chain sectors. She is also a Forbes Tech Council contributor. Jordan holds a Bachelor of Science in Marketing from Santa Clara University in California.
Epicor’s Commitment to Industry-Focused Growth
Epicor has served customers across automotive, building supply, distribution, manufacturing, and retail for more than 50 years. The company’s solutions are tailored to industry needs and adaptable to fast-changing market conditions.
Check out our previous post on WHX Tech 2025 to Drive Global Digital Health Transformation
Tech Features
In-Hand Comfort Meets Elegant Design – A UI You’ll Love and Performance You Can Count On– Meet Oppo’s Reno 14 Series!
Reviewed By Srijith KN
Device Reno 14F 5G
In today’s crowded smartphone market, very few devices make a lasting impression from the first hold. The Oppo Reno 14 Series does exactly that. Its rounded front design, sharp edges, and striking Iridescent Mermaid finish give it a premium look that stands out. At just 7.42 mm thick and 187 g, with aluminium-framed edges, it feels light yet sturdy in the hand.
The 6.57-inch LTPS OLED display offers a 120 Hz Full HD+ experience with HDR10+ support and a peak brightness of 1,200 nits. While the brightness could be slightly higher, the rich colour tones make it ideal for streaming and gaming. The high refresh rate ensures smooth scrolling and responsive visuals.
Display & Performance in the Oppo Reno 14
Powered by the Snapdragon 6 Gen 1 mobile platform, paired with 12 GB of RAM and 512 GB of UFS 3.1 storage, the Oppo Reno 14 Series delivers fluid performance. Everyday tasks, multitasking, and gaming feel effortless. Even after a month of use, there’s no lag, and the phone remains cool under pressure.
The signal reception is equally reliable, performing well even in remote mountain regions. For gamers, the combination of smooth frame rates and strong connectivity makes it a dependable choice.
Camera Setup Built for Creativity
The Oppo Reno 14 Series brings a 32 MP front camera and a triple rear camera system (50 MP + 8 MP + 2 MP). It supports 4K 60 fps HDR video recording, delivering sharp and vibrant footage. Oppo’s image processing handles lighting well, although the AI can occasionally produce slightly artificial tones. When it dials back the processing, the results are impressively natural.
Selfies from the front camera are detailed, making it a strong option for content creators. AI-powered tools such as AI Eraser, AI Reflection Remover, AI Unblur, AI Recompose, and AI Perfect Shot add versatility. Beyond photography, features like real-time translation and cloud-based voice transcription offer extra value.
Battery Life & Charging Speed on the Oppo Reno 14
Battery performance is one of the standout features. The massive 6,000 mAh battery easily lasts over a day of heavy use. Paired with 80 W fast charging, it goes from 0% to 100% in just 40–50 minutes, reducing downtime significantly.
Software and User Experience
Running on ColorOS 15, the interface is polished and responsive. The design is intuitive, though it comes with pre-installed apps that many users may want to remove for a cleaner setup. The combination of IP69 water and dust resistance, strong haptics, and a promised five years of major updates enhances its long-term value.
Verdict: A Strong Contender in Its Price Range
The Oppo Reno 14 Series blends premium design, solid performance, long battery life, and camera versatility into a package that offers excellent value. Whether for everyday use, creative projects, or gaming, it meets a wide range of needs without compromise.
For readers who enjoyed this review, check out our previous feature on Sustainable Tech: How Globant Shapes a Greener Tomorrow to see how innovation is shaping the tech industry.
Al Huzaifa Properties Launch Soléva Beach Residences on Al Marjan Island, Ras Al Khaimah
Marjan announces completion of infrastructure works on RAK Central in Ras Al Khaimah
Deep Dive Dubai Launches Sunken City Walk, a Cinematic Underwater Experience that Makes Adventure Just a Step Away
-
Tech News1 year agoDenodo Bolsters Executive Team by Hiring Christophe Culine as its Chief Revenue Officer
-
VAR5 months agoMicrosoft Launches New Surface Copilot+ PCs for Business
-
Tech Interviews1 year agoNavigating the Cybersecurity Landscape in Hybrid Work Environments
-
Tech News2 months agoNothing Launches flagship Nothing Phone (3) and Headphone (1) in theme with the Iconic Museum of the Future in Dubai
-
Tech News1 year agoBrighton College Abu Dhabi and Brighton College Al Ain Donate 954 IT Devices in Support of ‘Donate Your Own Device’ Campaign
-
VAR1 year agoSamsung Galaxy Z Fold6 vs Google Pixel 9 Pro Fold: Clash Of The Folding Phenoms
-
Editorial10 months agoCelebrating UAE National Day: A Legacy of Leadership and Technological Innovation
-
Tech Features1 year agoThe Middle East to Lead with Next-generation Mission Critical Communication Advancement