X-Force Identifies Vulnerability in IoT Platform

The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force. While there has been a […]

The post X-Force Identifies Vulnerability in IoT Platform appeared first on Security Intelligence.

Continue reading X-Force Identifies Vulnerability in IoT Platform

Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

In September 2022, Microsoft patched an information disclosure vulnerability in SPNEGO NEGOEX (CVE-2022-37958). On December 13, Microsoft reclassified the vulnerability as “Critical” severity after IBM Security X-Force Red Security Researcher Valentina Palmiotti discovered the vulnerability could allow attackers to remotely execute code. The vulnerability is in the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism, which allows […]

The post Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism appeared first on Security Intelligence.

Continue reading Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or […]

The post Containers, Security, and Risks within Containerized Environments appeared first on Security Intelligence.

Continue reading Containers, Security, and Risks within Containerized Environments

Electron Application Attacks: No Vulnerability Required

While you may have never heard of “Electron applications,” you most likely use them. Electron technology is in many of today’s most popular applications, from streaming music to messaging to video conferencing applications. Under the hood, Electron is essentially a Google Chrome window, which developers can modify to look however they prefer. Since Chrome is […]

The post Electron Application Attacks: No Vulnerability Required appeared first on Security Intelligence.

Continue reading Electron Application Attacks: No Vulnerability Required

Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

In an age where organizations have established a direct dependence on software to run critical business operations, it’s fundamental that they are evaluating their software development lifecycles and that of their extended environment — third-party partners — against the same standards. Concerns around vulnerability management are gaining more government attention around the world in order […]

The post Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform appeared first on Security Intelligence.

Continue reading Call to Patch: Zero Day Discovered in Enterprise Help Desk Platform

Behavior Transparency: Where Application Security Meets Cyber Awareness

How can you tell when software is behaving strangely if you don’t know what the right behavior is? That’s an important question when it comes to threat actors. After all, attackers often hijack honest software, networks and systems for dishonest ends. To stop them with security tools, the first step must be to have great […]

The post Behavior Transparency: Where Application Security Meets Cyber Awareness appeared first on Security Intelligence.

Continue reading Behavior Transparency: Where Application Security Meets Cyber Awareness

How AI Will Transform Data Security

I’ve often wondered whether artificial intelligence (AI) in cybersecurity is a good thing or a bad thing for data security. Yes, I love the convenience of online stores suggesting the perfect items for me based on my search history, but other times it feels a bit creepy to have a pair of shoes I looked […]

The post How AI Will Transform Data Security appeared first on Security Intelligence.

Continue reading How AI Will Transform Data Security

API Abuse Is a Data Security Issue Here to Stay

Just about every app uses an application programming interface (API). From a security standpoint, though, APIs also come with some common problems. Gartner predicted that API abuse will be the most common type of attack seen in 2022. So, what problems exactly do APIs face? And what can data security defenders do about it?  Prevalent […]

The post API Abuse Is a Data Security Issue Here to Stay appeared first on Security Intelligence.

Continue reading API Abuse Is a Data Security Issue Here to Stay

API Abuse Is a Data Security Issue Here to Stay

Just about every app uses an application programming interface (API). From a security standpoint, though, APIs also come with some common problems. Gartner predicted that API abuse will be the most common type of attack seen in 2022. So, what problems exactly do APIs face? And what can data security defenders do about it?  Prevalent […]

The post API Abuse Is a Data Security Issue Here to Stay appeared first on Security Intelligence.

Continue reading API Abuse Is a Data Security Issue Here to Stay

Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness

Security professionals keep busy. Before you can patch a vulnerability, you need to decide how important it is. How does it compare to the other problems that day? Choosing which jobs to do first using vulnerability management tools can be a key element of a smart security strategy. Software vulnerabilities are one of the root […]

The post Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness appeared first on Security Intelligence.

Continue reading Vulnerability Management: How a Risk-Based Approach Can Increase Efficiency and Effectiveness