Application Security April 5, 2023

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard,…

Software Vulnerabilities December 13, 2022

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

2 min read - In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely…

Software Vulnerabilities December 6, 2022

Containers, Security, and Risks within Containerized Environments

4 min read - Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its…

Application Security April 27, 2022

Electron Application Attacks: No Vulnerability Required

3 min read - While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a…

Software Vulnerabilities November 16, 2021

Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

4 min read - In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same…

Application Security August 20, 2021

Behavior Transparency: Where Application Security Meets Cyber Awareness

3 min read - How can you tell when software is behaving strangely if you don’t know what the right behavior is? That’s an important question when it comes to threat actors. After all, attackers often hijack honest software, networks and systems for dishonest…

Artificial Intelligence July 23, 2021

How AI Will Transform Data Security

3 min read - I’ve often wondered whether artificial intelligence (AI) in cybersecurity is a good thing or a bad thing for data security. Yes, I love the convenience of online stores suggesting the perfect items for me based on my search history, but…

Application Security July 22, 2021

API Abuse Is a Data Security Issue Here to Stay

3 min read - Just about every app uses an application programming interface (API). From a security standpoint, though, APIs also come with some common problems. Gartner predicted that API abuse will be the most common type of attack seen in 2022. So, what…

Intelligence & Analytics July 15, 2021

Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness

3 min read - Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be…

Artificial Intelligence May 17, 2021

Harnessing the Power of Transfer Learning to Detect Code Security Weaknesses

5 min read - Detecting vulnerabilities in code has been a problem facing the software development community for decades. Undetected weaknesses in production code can become attack entry points if detected and exploited by attackers. Such vulnerabilities can greatly damage the reputation of the…