Daily News About IBM Security

  • Cloud threat report: Possible trend in cloud credential “oversaturation” – Security Intelligence
    on 2024-12-04 at 15:51

    A recent X-Force Cloud Threat Landscape Report has shed light on this fact, revealing a new trend in the average prices for stolen cloud access credentials. In its fifth year of reporting on the cloud threat landscape, IBM’s X-Force team has collected and analyzed data between June 2022 and June 2024 across multiple sources to identify key insights and emerging trends associated with cloud vulnerabilities and dark web statistics.

  • What is the Dark Web? A Guide to the Dark Side of the Internet
    by IBM Technology on 2024-12-04 at 12:23

    Read the X-Force Threat Intelligence Index → https://ibm.biz/Bda9aw
    Learn more about the technology → https://ibm.biz/Bda9GB

    The dark web is a mysterious and often misunderstood part of the internet, shrouded in secrecy and intrigue. Join Jeff Crume as he explores what the dark web is, how it works, and what kinds of content you can find there. From whistleblowers and journalists to marketplaces and hackers, Jeff covers it all. But be warned: the dark web is not for the faint of heart, and it’s not without its risks. So, if you’re curious about the dark side of the internet, keep watching.

    Read the Cost of a Data Breach report → https://ibm.biz/Bda9GF

    #darkweb #cybersecurity #security

  • Cyber Resiliency with IBM Storage Sentinel and IBM Security
    on 2024-12-03 at 06:18

    In today’s data-driven world, safeguarding sensitive information and ensuring uninterrupted business operations is a top priority. This IBM® Redbooks® explores how the integrated solution of IBM Storage Sentinel, IBM Storage FlashSystem, IBM Storage Copy …

  • IBM Security Verify Vulnerabilities Let Attackers Execute Arbitrary Commands
    on 2024-12-02 at 15:35

    IBM disclosed multiple critical vulnerabilities affecting its Security Verify Access Appliance, potentially exposing users to severe security risks. Users of affected IBM Security Verify Access Appliance versions are strongly advised to apply this patch as soon as possible to mitigate the risks associated with these vulnerabilities.

  • Vigilance Vulnerability Alerts – IBM Db2: denial of service via Query4, analyzed on 14/11 …
    on 2024-12-01 at 00:23

    An attacker can cause a fatal error of IBM Db2, via Query4, in order to trigger a denial of service.

  • Data Security & Cybersecurity Architecture: Governance to Response #ai #cybersecurity #datasecurity
    by IBM Technology on 2024-11-30 at 13:10

    Read the Cost of a Data Breach report → https://ibm.biz/BdaGuZ

  • The Power of Single Sign-On: Convenience & Security #singlesignon #sso
    by IBM Technology on 2024-11-30 at 13:10

    Read the Cost of a Data Breach report → https://ibm.biz/BdaGuX

  • IBM Maas360: Remote SignIn/SignOut Action for Admin
    by Big Blue Helps on 2024-11-29 at 09:32

    Introducing sign-in and sign-out actions for admins in shared devices is a pivotal enhancement that addresses a critical customer requirement. By extending this functionality to Non-Gsuite environments within MaaS360, we can ensure uniformity in security and usability across our customer base. This not only enhances the overall user experience but also strengthens our commitment to meeting and exceeding customer expectations.

  • IBM Issues Fixes for Vulnerabilities | SC Media UK
    on 2024-11-28 at 01:36

    Fixes have been released by IBM to address numerous product vulnerabilities. According to SecurityWeek, the most serious of the flaws are a pair of high-severity remote code execution bugs in its Data Visualization Manager and Security SOAR offerings. The flaw tracked as CVE-2024-52899 would allow attackers to exploit the Data Virtualization Manager for z/OS flaw to facilitate malicious JDBC URL parameter injections and run arbitrary code. Also a Security SOAR prototype pollution issue, tracked as CVE-2024-45801, could be leveraged to trigger arbitrary code execution and denial-of-service condition, according to IBM. Other security vulnerabilities patched by IBM include the Watson Speech Services Cartridge for Cloud Pak for Data and OpenSSL flaws, tracked as CVE-2024-49353 and CVE-2024-6119, respectively, as well as three Engineering Lifecycle Management issues, which could be utilized in cross-site scripting intrusions. Immediate application of the patches has been recommended even if no active exploitation of any of the flaws was reported.

  • High severity RCE flaws among several newly addressed IBM bugs
    on 2024-11-27 at 16:59

    Fixes have been released by IBM to address numerous product vulnerabilities, the most serious of which are a pair of high-severity remote code execution bugs in its Data Visualization Manager and Security SOAR offerings, reports SecurityWeek. Attackers could exploit the Data Virtualization Manager for z/OS flaw, tracked as CVE-2024-52899, to facilitate malicious JDBC URL parameter injections and run arbitrary code, while the Security SOAR prototype pollution issue, tracked as CVE-2024-45801, could be leveraged to trigger arbitrary code execution and denial-of-service condition, according to IBM. Other security vulnerabilities patched by IBM include the Watson Speech Services Cartridge for Cloud Pak for Data and OpenSSL flaws, tracked as CVE-2024-49353 and CVE-2024-6119, respectively, as well as three Engineering Lifecycle Management issues, which could be utilized in cross-site scripting intrusions. Immediate application of the patches has been recommended even if no active exploitation of any of the flaws was reported.

  • IBM Engineering Systems Flaw Let Attackers Bypass Security Restrictions
    on 2024-11-27 at 09:49

    A critical security vulnerability has been discovered in IBM Engineering Systems Design Rhapsody – Model Manager (RMM), potentially allowing remote attackers to bypass security restrictions and execute code. The flaw, identified as CVE-2024-41779, affects versions 7.0.2 and 7.0.3 of the software and has been assigned a CVSS base score of 9.8, indicating its severe nature. The vulnerability stems from a race condition in the software’s request handling mechanism. IBM researchers observed that by exploiting this flaw, an attacker could potentially send a specially crafted request to remotely execute code on the affected system, compromising its confidentiality, integrity, and availability.

    Technical Analysis

    For RMM version 7.0.2, users are advised to download and install iFix031 or later, while those using version 7.0.3 should apply iFix008 or later. It’s important to note that the vulnerability is only exposed when DEBUG logging is enabled for ‘IDMappingsService.verbose’. Under normal operating conditions, this debug-level logging is not enabled by default, which significantly reduces the risk of exploitation in typical deployments.

    Security experts emphasize the importance of prompt patching, given the critical nature of the vulnerability. The ease of exploitation, coupled with the potential for remote code execution, makes this flaw particularly concerning for organizations using the affected IBM software. While IBM has provided fixes, they have also suggested a workaround for those unable to immediately apply the patches. Users are advised not to enable DEBUG logging for ‘IDMappingsService.verbose’. However, it’s worth noting that enabling DEBUG logging for IDMappingsService itself is not impacted by this vulnerability.

    The discovery of this flaw underscores the ongoing challenges in software security, particularly in complex engineering systems. Following this event, researchers urged timely patching, noting that sticking to best security practices remains crucial in mitigating the risks associated with such vulnerabilities. Organizations using IBM Engineering Systems Design Rhapsody – Model Manager are strongly encouraged to review their systems and apply the necessary updates to ensure their environments remain secure.

  • Fortify your data – The Register
    on 2024-11-26 at 16:35

    While these features and offerings can help shave valuable time from the recovery process, IBM wanted to go further by moving threat detection as close as possible to the point of the ransomware attack in the storage ecosystem. IBM FlashSystem integrates with its cloud-based Storage Insights storage management and optimization system, which scans for anomalies and potential threats, enabling an organization to recover data from immutable snapshots in the event of a breach or data corruption.

  • IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR
    on 2024-11-26 at 16:35

    IBM on Monday announced patches for multiple vulnerabilities across its products, including two high-severity remote code execution (RCE) issues in Data Virtualization Manager and Security SOAR. Tracked as CVE-2024-52899 (CVSS score of 8.5), the flaw in Data Virtualization Manager for z/OS could allow a remote, authenticated attacker to inject malicious JDBC URL parameters, which could lead to arbitrary code execution on the server.

  • Generative Artificial Intelligence and Quantum Computing Pose New Data Security Challenges
    by Andrew Wig on 2024-11-26 at 06:59

    Ray Harishankar, IBM fellow and VP of IBM Quantum Safe, and Akiba Saeedi, VP of IBM Security Product Management, explain Guardium’s new data security center and quantum-safe capabilities

  • Scam Alert: Pig Butchering, Recruitment Scams & More!
    by IBM Technology on 2024-11-25 at 12:20

    Read the Cloud Threat Landscape Report → https://ibm.biz/BdawFy
    Learn more about the technology → https://ibm.biz/BdawFM

    The online world is full of hidden dangers. Protect yourself from online scams and cyber security threats. Jeff Crume teaches how to spot and avoid scams including pig butchering, recruitment scams, and phishing attacks. Discover the latest strategies for protecting yourself from social engineering and identity theft, and gain the knowledge and tools you need to stay safe in the digital world.

    Read the Cost of a Data Breach report → https://ibm.biz/BdawFS

    #cybersecurity #security #phishing

  • The Dark Web Discount: Stolen Credentials on the Rise #darkweb #cloudsecurity #security
    by IBM Technology on 2024-11-24 at 21:06

    Subscribe to see more videos like this in the future → https://www.youtube.com/channel/UCKWaEZ-_VweaEx1j62do_vQ

  • Spotting the Bad User: Uncovering Hidden Threats with User Behavior Analytics
    by IBM Technology on 2024-11-23 at 21:22

    UEBA: User and Entity Behavior Analytics: https://ibm.biz/BdaGA3

  • TechXchange 2024 Champions Moment
    by IBM TechXchange Community on 2024-11-22 at 21:07

    IBM Champions are IBM’s most honored VIPs. Nearly 300 IBM Champions participated in the IBM TechXchange Conference 2024 and this video reflects their excitement about being part of a community of passionate experts and advocates.

  • What does resilience in the cyber world look like in 2025 and beyond? – Security Intelligence
    on 2024-11-22 at 17:28

    In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant demands on incident response teams, resilience (and, in a narrower scope, cyber resilience) will require significant attention due to the complexity of our systems. Using this framework, we can focus on three major emergent technology and data-focused issues impacting cyber resilience today:

  • IBM MaaS360: Configuring the User Manager Policy in Android devices
    by Big Blue Helps on 2024-11-20 at 07:19

    User Manager policies outline the rules and restrictions for user management on Android systems. This video helps in understanding how to configure UserManager policies on Android devices. MaaS360 has implemented a generic way to support upcoming User Manager policies as well. Administrators can add UserManager policies with custom settings in the form of UserManager.constant. To obtain the keys, enrollment types, and supported Android versions, admins can refer to Google’s UserManager documentation: https://developer.android.com/reference/android/os/UserManager

    Documentation link: https://www.ibm.com/docs/en/maas360?topic=devices-configuring-usermanagerconstant-policy
