Software Vulnerabilities December 13, 2022

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

2 min read - In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely…

Software Vulnerabilities December 6, 2022

Containers, Security, and Risks within Containerized Environments

4 min read - Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its…

Application Security April 27, 2022

Electron Application Attacks: No Vulnerability Required

3 min read - While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a…

Software Vulnerabilities November 16, 2021

Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

4 min read - In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same…

Application Security August 20, 2021

Behavior Transparency: Where Application Security Meets Cyber Awareness

3 min read - How can you tell when software is behaving strangely if you don’t know what the right behavior is? That’s an important question when it comes to threat actors. After all, attackers often hijack honest software, networks and systems for dishonest…

Artificial Intelligence July 23, 2021

How AI Will Transform Data Security

3 min read - I’ve often wondered whether artificial intelligence (AI) in cybersecurity is a good thing or a bad thing for data security. Yes, I love the convenience of online stores suggesting the perfect items for me based on my search history, but…

Application Security July 22, 2021

API Abuse Is a Data Security Issue Here to Stay

3 min read - Just about every app uses an application programming interface (API). From a security standpoint, though, APIs also come with some common problems. Gartner predicted that API abuse will be the most common type of attack seen in 2022. So, what…

Intelligence & Analytics July 15, 2021

Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness

3 min read - Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be…

Artificial Intelligence May 17, 2021

Harnessing the Power of Transfer Learning to Detect Code Security Weaknesses

5 min read - Detecting vulnerabilities in code has been a problem facing the software development community for decades. Undetected weaknesses in production code can become attack entry points if detected and exploited by attackers. Such vulnerabilities can greatly damage the reputation of the…

Software Vulnerabilities November 18, 2020

IBM Works With Cisco to Exorcise Ghosts From Webex Meetings

8 min read - COVID-19 has changed the way many people work, as organizations have shifted to remote work to slow the spread. In early May, more than 100 million Americans were working from home, creating an increased need for remote collaboration tools like…