Category Archives: ibm

IBM offers quantum-safe cryptography support for key management and app transactions in the cloud

IBM announced a series of cloud services and technologies designed to help clients maintain the highest available level of cryptographic key encryption protection to help protect existing data in the cloud and prepare for future threats that could evolve with advances in quantum computing. Pioneered by IBM Research scientists, the company is now offering quantum-safe cryptography support for key management and application transactions in IBM Cloud, making it the industry’s most holistic quantum-safe cryptography approach … More

The post IBM offers quantum-safe cryptography support for key management and app transactions in the cloud appeared first on Help Net Security.

Why most cloud journeys begin with application modernization

Security and compliance are always critical, but integrating across a hybrid cloud is a big hurdle for moving forward

Canadian organizations encounter three common hurdles as they transition to cloud-based platforms, says IBM’s lead for hybrid multi-cloud services and Red Hat offerings. Speaking at a recent roundtable hosted by tech analyst IDC and sponsored by…

The post Why most cloud journeys begin with application modernization first appeared on IT World Canada.

XDR: Unifying incident detection, response and remediation

According to IBM’s Cost of a Data Breach Report 2020, the average time it took a company in 2019 to identify and contain a breach was 279 days. It was 266 days in 2018 and the average over the past five years was a combined 280 days. In other words, things haven’t gotten much better. It’s clear that time is not on CISOs’ side and they need to act fast. What’s holding organizations back when … More

The post XDR: Unifying incident detection, response and remediation appeared first on Help Net Security.

IBM urges infosec pros to patch DB2 for Windows, Cisco urges patches for Webex Meetings

IBM is warning infosec pros of a hijacking vulnerability in its DB2 database on Windows.

In a security bulletin issued Thursday, the company said the issue could allow a locally authenticated attacker to execute arbitrary code on the system. The cause is a DLL search order hijacking vulnerability in the Microsoft Windows client.

“By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system,” the bulletin says.

IBM says the issue carries a Common Vulnerability Scoring System (CVSS) Base score of 7.8.

All fix pack levels of IBM DB2 including V9.7 (which reached end of life in September 2017), V10.1, V10.5, V11.1, and V11.5 editions on Windows are affected.

Customers running any vulnerable fixpack level of an affected version can download a special build containing the interim fix for this issue from IBM Fix Central. These special builds are available based on the most recent fixpack level for each impacted release. There are no workarounds or mitigations.

Meanwhile, Cisco has issued patches for its Webex Meetings server and client application to close vulnerabilities that allowed a hacker to listen in to meetings without being detected. A so-called ‘ghost’ attendee could have picked up valuable corporate intelligence.

The vulnerabilities, discovered by IBM researchers, allow a person to have full access to audio, video, chat and screen-sharing without being seen on the participant list. In fact, they could stay in a Webex meeting and listen in even after being expelled from a session by maintaining the audio connection.

These vulnerabilities work by exploiting the handshake process that Webex uses to establish a connection between meeting participants, IBM explained. Usually, a client system and a server conduct a handshake process by exchanging ‘join’ messages with information about the attendees, client application, meeting ID, meeting room details and more.

A malicious actor can become a ghost by manipulating these messages during the handshake process between the Webex client application and the Webex server back-end to join or stay in a meeting without being seen by others.

The post IBM urges infosec pros to patch DB2 for Windows, Cisco urges patches for Webex Meetings first appeared on IT World Canada.

Home Trust quickly pivots during pandemic with IBM Cloud and VMware

The COVID-19 pandemic has been one of the greatest challenges that businesses have faced in their lifetime. But Home Trust — a financial services institution with about 1,000 employees — was ready for it, thanks to a cloud migration the previous year. “On Friday the 13th, the reality of COVID became apparent and we had…

The post Home Trust quickly pivots during pandemic with IBM Cloud and VMware first appeared on IT World Canada.

Cisco Webex vulnerabilities may enable attackers to covertly join meetings

Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to:

- Join Webex meetings without appearing in the participant list (CVE-2020-3419)
- Covertly maintain an audio connection to a Webex meeting after being expelled from it (CVE-2020-3471)
- Gain access to information (name, email, IP address, device info) on meeting attendees without being admitted to the meeting (CVE-2020-3441)

About the Cisco Webex vulnerabilities

The three flaws were discovered by IBM researchers, … More

The post Cisco Webex vulnerabilities may enable attackers to covertly join meetings appeared first on Help Net Security.

Tanium and IBM join forces to create a security and compliance monitoring solution for hybrid cloud

Tanium announced it is working with IBM to create a security and compliance monitoring solution for hybrid cloud, creating an easy path to verify and validate compliance for highly regulated industries such as healthcare, financial services and government. IBM Cloud customers can access Tanium-delivered compliance monitoring for continuous, real-time visibility across endpoints everywhere. This collaboration is designed to enable customers to manage and protect their mission-critical workloads in a distributed hybrid cloud environment. Agility is … More

The post Tanium and IBM join forces to create a security and compliance monitoring solution for hybrid cloud appeared first on Help Net Security.

Harry Rosen brings its personalized in-store experience online

Can a high-end retailer offer a digital customer experience that matches the personalized service it’s known for in-store? Can a decades-old company undergo digital transformation and stay true to who they are? Harry Rosen did just that, with the help of IBM Cloud and Kubernetes. Founded in 1954, the high-end Canadian men’s clothing retailer is…

The post Harry Rosen brings its personalized in-store experience online first appeared on IT World Canada.