Security News

Showing code overlaps with Mirai and its variants and reusing Gafgyt code, Mozi has been highly active over the past year, and it accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, although it did not attempt to remove competitors from compromised systems, IBM researchers say. The large increase in IoT attacks might also be the result of a higher number of IoT devices being available worldwide, thus expanding the attack surface.

Trilio announced that its application-centric data protection platform for Kubernetes will be available to IBM customers and partners. IBM clients can leverage IBM Cloud Pak for Data with TrilioVault for Kubernetes to protect container-based applications across hybrid cloud environments.

IBM has issued fixes for vulnerabilities in Spectrum Protect Plus, Big Blue's security tool found under the umbrella of its Spectrum data storage software branding. IBM Spectrum Protect Plus is a data-protection solution that provides near-instant recovery, replication, reuse and self-service for virtual machines.

Schlumberger, IBM and Red Hat, announced today a major collaboration to accelerate digital transformation across the oil and gas industry. Through the agreement with IBM and Red Hat, Schlumberger has committed to the exclusive use of Red Hat OpenShift.

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more. Listen to the full podcast below or download direct here.

Security firm Trustwave said the shared memory vulnerability in Db2 - CVE-2020-4414 - was similar to the problems found with Cisco's Webex in June. According to TrustWave, "Only Db2 for LUW is affected. Db2 for other platforms like IBM mainframes and z/OS are unaffected."

IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney's office after a 2019 lawsuit alleged that the app was deceiving its users in how it was using their geolocation data. The 2019 lawsuit claimed, the app's permission prompt for users to share their geolocation data did not make them aware that it was also selling that data to third-party companies.

A shared memory vulnerability that IBM addressed in its Db2 data management products could allow malicious local users to access sensitive data. Trustwave, which identified the vulnerability and reported it to IBM, says that the issue exists because the developers forgot to include explicit memory protections for the shared memory that the Db2 trace facility uses.

For two years, IBM has been deploying confidential computing capabilities in the IBM Cloud and Rohit Badlaney, vice president of IBM Z Hybrid Cloud, said it is the only public cloud with "Production-ready confidential computing capabilities able to protect data, applications and processes." IBM's platform is now used in heavily regulated industries like healthcare and banking, with high profile customers like Bank of America and Daimler taking advantage of confidential cloud computing capabilities.

The IBM Db2 is a family of hybrid data-management products containing artificial intelligence, which can be used to analyze and manage both structured and unstructured data within enterprises. The lack of explicit memory protections "Allows any local users read-and-write access to that memory area," Trustwave researchers said, in their PoC exploit writeup for the bug, issued on Thursday.