Software Vulnerabilities December 13, 2022

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

2 min read - In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely…

Intelligence & Analytics July 15, 2021

Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness

3 min read - Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be…

Software Vulnerabilities November 18, 2020

IBM Works With Cisco to Exorcise Ghosts From Webex Meetings

8 min read - COVID-19 has changed the way many people work, as organizations have shifted to remote work to slow the spread. In early May, more than 100 million Americans were working from home, creating an increased need for remote collaboration tools like…

Risk Management November 4, 2019

Security Supply and Demand: An Economic Approach to Cybersecurity Risk Management

4 min read - Effective cybersecurity risk management boosts infosec supply and reduces cost demands, but it isn't a purely technological venture. Here's how economic theory can help reduce total risk.

Software Vulnerabilities October 1, 2019

Why Fixing Security Vulnerabilities Is Not That Simple

6 min read - When it comes to patching, the devil is in the details. Help the process along by understanding these five issues organizations commonly face between scanning and finding security vulnerabilities.

Software Vulnerabilities May 1, 2019

Penetration Testing Versus Red Teaming: Clearing the Confusion

6 min read - There is some confusion in cybersecurity as to the difference between penetration testing and red teaming. Since all businesses have vastly different security needs, the distinction is critical.

Data Protection March 22, 2019

Vulnerability Assessments Versus Penetration Tests: A Common Misconception

6 min read - Vendors, cybersecurity professionals and marketing teams often use the terms "penetration testing" and "vulnerability assessment" interchangeably, mixing two completely different security engagements.

Endpoint March 15, 2019

How Patch Posture Reporting Improves Security Landscapes

6 min read - If your vulnerability management tools do not report on your company's patch posture, you may be missing crucial holes in your software that are ripe for exploitation.

Application Security December 17, 2018

Is It Time to Start a PSIRT? Why Your CSIRT May Not Be Enough

5 min read - Your CSIRT protects your organizational network, but who secures your products? It may be time you started a PSIRT at your company.

December 6, 2018

Taking Action to Secure Our IBM Cloud Kubernetes Service Against Recent Kubernetes Security Vulnerabilities

2 min read - IBM Cloud Kubernetes Service is affected by recent vulnerabilities that could allow unauthorized access to Kubernetes and/or trusted user privilege escalation. Here's how to mitigate the risk.