Security News

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM's Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks. The flaw, which impacts IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms, is caused by improper usage shared memory, thereby granting a bad actor to perform unauthorized actions on the system.

A security flaw in a series of IoT connectivity chips could leave billions of industrial, commercial, and medical devices open to attackers. EHS8 modules are built for industrial IoT machines that operate in factories, the energy sector, and medical roles, and are designed to create secure communication channels over 3G and 4G networks.

The IBM POWER10 processor is engineered to achieve significantly faster encryption performance with quadruple the number of AES encryption engines per core compared to IBM POWER9 for today's most demanding standards and anticipated future cryptographic standards like quantum-safe cryptography and fully homomorphic encryption. New processor core architectures in the IBM POWER10 processor with an embedded Matrix Math Accelerator which is extrapolated to provide 10x, 15x and 20x faster AI inference for FP32, BFloat16 and INT8 calculations per socket respectively than the IBM POWER9 processor to infuse AI into business applications and drive greater insights.

Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD - previously believed to be unaffected.

Data breaches are now costing companies nearly $4 million according to a new report from IBM Security and the Ponemon Institute released Wednesday. On average, breaches now cost organizations $3.86 million per attack, with the United States having the highest average cost per breach and healthcare being the most heavily hit industry.

The crew at IBM X-Force has uncovered a massive cache of files, including about five hours of training videos intended for a select crew of hackers in Iran known as ITG18. Big Blue said the videos range from two minutes to two hours and mainly cover techniques for compromising popular webmail services.

The cloud native core banking technology firm, has announced that its core banking platform Vault now runs on every major cloud infrastructure provider including Google Cloud Platform, Amazon Web Services, Microsoft Azure and IBM Cloud. Vault can be deployed on either the bank's choice of cloud provider, on premise, in a hybrid cloud using OpenShift from Red Hat, or as a SaaS product.

The library "Boasts a suite of tools for machine learning and data analytics tasks, all with built-in privacy guarantees," according to Naoise Holohan, a research staff member on IBM Research Europe's privacy and security team. Differential privacy allows data collectors to use mathematical noise to anonymize information, and IBM's library is special because it's machine learning functionality enables organizations to publish and share their data with rigorous guarantees on user privacy.

IBM has disclosed the details of several vulnerabilities found in powerline extenders made by China-based networking solutions provider Tenda. IBM says Tenda ignored its emails and phone calls, and it's unclear if any patches are being developed.

IBM is under fire for refusing to patch critical vulnerabilities in its Data Risk Manager product until exploit code was publicly disclosed. In what seems a shortsighted move, when a proactive approach may have been better, Big Blue turned down a privately disclosed report of flaws in its enterprise security software - only to issue fixes after details of the holes emerged online.