Security News

To explain: SSRF is a way that someone with possibly very limited access to your network can send a legitimate-looking query to one of your servers. If you can trick the vulnerable server into calling outside its own network by sending it an otherwise legitimate request, you may be able to capture server data such as secret authentication tokens or special HTTP headers that are usually only visible if you are already inside the network.

A high-severity vulnerability patched recently by IBM in its Maximo asset management solution makes it easier for hackers to move around in enterprise networks, cybersecurity firm Positive Technologies warned on Thursday. The security hole, tracked as CVE-2020-4529, has been described as a server-side request forgery issue that allows an authenticated attacker to send unauthorized requests from a system, which IBM says can facilitate other attacks.

Expanding on their long-term partnership, Siemens and IBM announce the availability of a new solution designed to optimize the Service Lifecycle Management of assets by dynamically connecting real-world maintenance activities and asset performance back to design decisions and field modifications. This new solution establishes an end-to-end digital thread between equipment manufacturers and the owner/operators of that equipment by leveraging elements of the Xcelerator portfolio from Siemens Digital Industries Software and IBM Maximo.

IBM has announced a definitive agreement to acquire cloud cybersecurity posture management solutions provider Spanugo. Spanugo's technology allows organizations to demonstrate compliance in real time, while also helping them continuously improve their cloud security to ensure that attacks can be repelled.

Two critical vulnerabilities patched recently by IBM in its WebSphere Application Server product can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Two of the flaws have been rated critical and they can be exploited for remote code execution, while the third has been classified as high severity and it can lead to information disclosure.

Wipro announced a collaboration with IBM to help Wipro customers embark on a seamless and secure hybrid cloud journey. Through this alliance, Wipro will develop hybrid cloud offerings to help businesses migrate, manage and transform mission-critical workloads and applications, with security across public or private cloud and on-premises IT environments.

IBM this week announced the availability of open source toolkits that allow for data to be processed while it's still encrypted. The toolkits implement fully homomorphic encryption, which enables the processing of encrypted data without providing access to the actual data.

Alert Logic announced that organizations relying on IBM Cloud services now have full access to Alert Logic's comprehensive managed detection and response capabilities. The company uses the Alert Logic MDR solution for the security layer of its IBM Cloud deployment.

Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group.

IBM has acknowledged that it mishandled a bug report that identified four vulnerabilities in its enterprise security software, and plans to issue an advisory. IBM Data Risk Manager offers security-focused vulnerability scanning and analytics, to help businesses identify weaknesses in their infrastructure.