Security News

Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD - previously believed to be unaffected.

Data breaches are now costing companies nearly $4 million according to a new report from IBM Security and the Ponemon Institute released Wednesday. On average, breaches now cost organizations $3.86 million per attack, with the United States having the highest average cost per breach and healthcare being the most heavily hit industry.

The crew at IBM X-Force has uncovered a massive cache of files, including about five hours of training videos intended for a select crew of hackers in Iran known as ITG18. Big Blue said the videos range from two minutes to two hours and mainly cover techniques for compromising popular webmail services.

The cloud native core banking technology firm, has announced that its core banking platform Vault now runs on every major cloud infrastructure provider including Google Cloud Platform, Amazon Web Services, Microsoft Azure and IBM Cloud. Vault can be deployed on either the bank's choice of cloud provider, on premise, in a hybrid cloud using OpenShift from Red Hat, or as a SaaS product.

The library "Boasts a suite of tools for machine learning and data analytics tasks, all with built-in privacy guarantees," according to Naoise Holohan, a research staff member on IBM Research Europe's privacy and security team. Differential privacy allows data collectors to use mathematical noise to anonymize information, and IBM's library is special because it's machine learning functionality enables organizations to publish and share their data with rigorous guarantees on user privacy.

IBM has disclosed the details of several vulnerabilities found in powerline extenders made by China-based networking solutions provider Tenda. IBM says Tenda ignored its emails and phone calls, and it's unclear if any patches are being developed.

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed. In what seems a shortsighted move, when a proactive approach may have been better, Big Blue turned down a privately disclosed report of flaws in its enterprise security software - only to issue fixes after details of the holes emerged online.

To explain: SSRF is a way that someone with possibly very limited access to your network can send a legitimate looking query to one of your servers. If you can trick the vulnerable server into calling outside its own network by sending it an otherwise legimitate request, you may be able to capture server data such as secret authentication tokens or special HTTP headers that are usually only visible if you are already inside the network.

A high-severity vulnerability patched recently by IBM in its Maximo asset management solution makes it easier for hackers to move around in enterprise networks, cybersecurity firm Positive Technologies warned on Thursday. The security hole, tracked as CVE-2020-4529, has been described as a server-side request forgery issue that allows an authenticated attacker to send unauthorized requests from a system, which IBM says can facilitate other attacks.

Expanding on their long-term partnership, Siemens and IBM announce the availability of a new solution designed to optimize the Service Lifecycle Management of assets by dynamically connecting real-world maintenance activities and asset performance back to design decisions and field modifications. This new solution establishes an end-to-end digital thread between equipment manufacturers and the owner/operators of that equipment by leveraging elements of the Xcelerator portfolio from Siemens Digital Industries Software and IBM Maximo.