61 matches found
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to SQL injection due to PostgreSQL (CVE-2022-31197) and obtaining sensitive information due to RESTEasy (CVE-2020-25633)
Summary IBM i Modernization Engine for Lifecycle Integration platform component is vulnerable to SQL injection and obtaining sensitive information as described in the Vulnerability Details section. These components are used in IBM i Modernization Engine for Lifecycle Integration for infrastructur...
5 SOAR Myths Debunked
A recently published ESG research ebook, sponsored by Rapid7, SOC Modernization and the Role of XDR, shows that organizations are increasingly leveraging security orchestration, automation, and response SOAR systems in an attempt to keep up with their security operations challenges. This makes...
Gimme! Gimme! Gimme! (More Data): What Security Pros Are Saying
Eight in 10 organizations collect, process, and analyze security operations data from more than 10 sources, ESG identified in a new ebook SOC Modernization and the Role of XDR, sponsored by Rapid7. Security professionals believe that the most important sources are endpoint security data 24%, thre...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Guava, Red Hat Single Sign-On, Springfox and Spring Security could allow a remote attacker to bypass security restrictions...
Three Reasons Why Unification Drives Modern Data Security Strategy
Today, the necessities of business innovation compel most organizations to have several teams with diverse priorities managing dozens of data sources, all with different structures. This makes it impossible to secure complete data repositories successfully using traditional methods. This post wil...
XSS in JSON: Old-School Attacks for Modern Applications
I recently wrote a blog post on injection-type vulnerabilities and how they were knocked down a few spots from 1 to 3 on the new OWASP Top 10 for 2022. The main focus of that article was to demonstrate how stack traces could be — and still are — used via injection attacks to gather information...
A clearer lens on Zero Trust security strategy: Part 1
Todays world is flooded with definitions and perspectives on Zero Trust, so we are kicking off a blog series to bring clarity to what Zero Trust is and what it means. This first blog will draw on the past, present, and future to bring a clear vision while keeping our feet planted firmly on the...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i
Summary Vulnerabilities detected in Node.js versions before v14.16.2 that affect the Cordova platform packaged with Rational Developer for i Software. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
The critical role of Zero Trust in securing our world
We are operating in the most complex cybersecurity landscape that we’ve ever seen. While our current ability to detect and respond to attacks has matured incredibly quickly in recent years, bad actors haven’t been standing still. Large-scale attacks like those pursued by Nobelium1 and Hafnium,...
Digital Transformation Usain Bolt-Style: Health Care's Sprint to Modernization
In the present age, patients now use smartphone apps to schedule doctor's visits, contact insurance companies, and get prescriptions instead of picking up the phone...
Security Bulletin: Multiple vulnerabilities in Node.js affecting Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i Modernization Tools, Java edition, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that affect the Cordova platform...
What’s Different About Data Security in the Cloud? Almost Everything.
Well before the onset of the pandemic most organizations had a digital transformation plan in place which included migrating workloads to new modern architectures, usually a private, public, or hybrid cloud. As the challenges caused by COVID-19 became more acute, these organizations accelerated...
The Only Constant Is Change -- Rethinking Secure Access for a New Workforce
It seems like a long time ago now when IT teams had their annual strategy meeting, where topics related to network modernization with SASE or SD-WANs, remote access, threat prevention, and cloud adoption were likely discussed. COVID-19, however, has caused a lot of these initiatives to take a...
How We Streamlined Infrastructure and Tooling as a Service for Development
At VMware Carbon Black, we’ve historically acquired a broad technology stack in our journey to build the premier security solution that understands cybercriminal behavior. Inheriting such a variety of tooling and storage solutions presented a challenge for us operationally. So, in order to reduce...
Security Bulletin: Multiple OpenSSL vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple OpenSSL vulnerabilities in Node.js were found on May ...
Security Bulletin: Multiple vulnerabilities in modules from the IBM SDK for Node.js affect the Cordova tools packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux (CVE-2014-7191 and CVE-2014-7192)
Summary Security vulnerabilities have been discovered in the syntax-error and qs modules packaged in the IBM SDK for Node.js and Cordova platform packaged in Rational Developer for i Modernization Tools Java Edition and Rational Developer for AIX and Linux. The fix upgrades IBM SDK for Node.js to...
GDPR Is Here: How GDPR Readiness Can Boost Your Business
Most discussions about the EU’s General Data Protection Regulation GDPR have naturally focused on best practices for achieving compliance and avoiding penalties. With GDPR now a reality for all companies that store and process personal data of EU residents, an often overlooked aspect has been the...
Threat Outbreak Alert RuleID32722: Email Messages Distributing Malicious Software on May 8, 2018
Medium Alert ID: 57826 First Published: 2018 May 8 16:28 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32722 may contain the following files: Name | Size ...
Cybersecurity Executive Order 13800: More than a Risk Assessment?
Written by Sr. Solutions Engineer, Micah Maryn. Most folks around the Washington DC beltway have heard the cybersecurity Executive Order EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure referred to as a simple risk assessment. But the reality is that it i...
President’s Cybersecurity Executive Order
On May 11, 2017, President Trump released the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This E.O. -- while stand alone in focus --should be seen in the context of a greater move in the Executive Branch to elevate the awareness...