Security News
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. CVE-2022-46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code.
Attackers are exploiting a critical vulnerability in the IBM Aspera Faspex centralized file transfer solution to breach organizations. IBM Aspera Faspex is used by organizations to allow employees to quickly and securely exchange files with each other.
A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software, according to cybersecurity company SentinelOne.
The IBM report noted that ransomware declined 4 percentage points between 2021 and 2022, and defenders were more successful at detecting and preventing those attacks. Cyberattackers have gotten much faster at infiltrating perimeters, with the average time to complete a ransomware attack dropping from two months to less than four days.
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw, dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "First-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure."
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code. The privilege escalation flaw, dubbed "Hell's Keychain" by cloud security firm Wiz, has been described as a "First-of-its-kind supply-chain attack vector impacting a cloud provider's infrastructure."
IBM has started offering quantum-resistant crypto - using the quantum-resistant crypto recommended by the US National Institute of Standards and Technology. China is felt to be stealing data today, safe in the knowledge its future quantum computers will be able to decrypt it in the near future.
IBM has expanded its extensive cybersecurity portfolio by acquiring Randori - a four-year-old startup that specializes in helping enterprises manage their attack surface by identifying and prioritizing their external-facing on-premises and cloud assets. Its plan is to give the computing behemoth's customers a tool to manage their security posture by looking at their infrastructure from a threat actor's point-of-view - a position IBM hopes will allow users to identify unseen weaknesses.
IBM Security QRadar and LogRhythm provide security to organizational networks through their SIEM solutions. The IBM Security QRadar SIEM works to detect cyberthreats and suspicious activity across the network enterprise within on-premises, hybrid and cloud environments.
The interesting part about where IBM is actually headed is, security and what we actually do in security is about protecting the surface area. When you look at Snyk and Snyk's kind of whole ethos is to say, "Well, that's the core. That's the heart. You have to be developer-first." And the meaning of that, one of my favorite things to do is to talk to a chief security officer and say, "Yes, you're kind of here to sort of help secure the organization and you are the one likely to sign the check, but you're not the most important user of the product." Because the most important user of the product, the biggest risk we both face is the developers don't actually pick it up.