In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher…
Browsing Categorysoftware vulnerability
IOCs vs. IOAs — How to Effectively Leverage Indicators
Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners…
93% of Organizations Have Network Vulnerabilities: Here’s How to Beat the Odds
Cybersecurity is an ongoing battle, and the latest figures from penetration testers prove that the fight is far from over. According to Positive Technologies, 93% of all networks are open…
When it Comes to Stopping IoT Security Camera Breaches, Focus on Procurement
Earlier this year, an enterprise security camera system maker suffered a data breach. The incident, which involved the compromise of a Jenkins server, enabled a group of attackers to bypass…
Nation State Threat Group Targets Airline with Aclip Backdoor
In March 2021, IBM Security X-Force observed an attack on an Asian airline that we assess was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack.…
Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform
In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of…
How to Deal With Unpatched Software Vulnerabilities Right Now
According to the 2021 X-Force Threat Intelligence Index, scanning for and exploiting vulnerabilities was the top infection vector of 2020. Up to one in three data breaches stemmed from unpatched…
Why Containers in the Cloud Can Be An Attacker’s Paradise
Containers — which are lightweight software packages that include entire runtime environments — have solved the issues of portability, compatibility and rapid, controlled deployment. Containers include an application; all its…
Spend Wisely (Not Just More) to Become Cyber Resilient
Spending on cybersecurity is hitting record highs. And that makes sense. Because of big changes in how work gets done (plus the rising cost of breaches and attacks, like ransomware),…
How AI Will Transform Data Security
I’ve often wondered whether artificial intelligence (AI) in cybersecurity is a good thing or a bad thing for data security. Yes, I love the convenience of online stores suggesting the…