IBM X-Force revealed that WannaCry spread to its targets like a computer worm. But unlike a classic worm, it carried a malicious payload of ransomware.
It took fraudsters less than 24 hours after the disclosure of a previously unknown Apache Struts 2 vulnerability to develop a Python script to exploit it.
Application security testing is the only way to prevent open source vulnerabilities from becoming a huge problem in the enterprise.
Although security researchers discovered Shellshock more than two years ago, it remains popular among fraudsters with basic skill sets and light wallets.
The SAP HANA security evolution started in 2011, peaked in 2014 and continues to deliver critical enhancements to provide analysts with greater visibility.
IT managers should take advantage of the many resources available to help them monitor, manage and ultimately remediate vulnerabilities.
Vulnerability management is a critical part of any security program, but many IT professionals fail to realize that it starts with risk management.
Researchers discovered a flaw in the ASN1C compiler produced by Objective Systems, Inc. It could lead to a dangerous network vulnerability.
As if to celebrate its two-year anniversary, Shellshock, one of the most infamous bugs of 2014, ramped up its activity in September.
The IBM X-Force Application Security Research Team discovered a previously undocumented vulnerability in older versions of Nexus 5X's Android images.