#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

IBM | Breaking Cybersecurity News | The Hacker News

Category — IBM
Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

Oct 10, 2023 Network Security / Password
A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month,  said  adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials." CVE-2023-3519  (CVSS score: 9.8), addressed by Citrix in July 2023, is a critical code injection vulnerability that could lead to unauthenticated remote code execution. Over the past few months, it has been  heavily   exploited  to  infiltrate vulnerable devices  and gain persistent access for follow-on attacks. In the latest attack chain discovered by IBM X-Force, the operators sent a specially crafted web request to trigger the exploitation of CVE-2023-3519 and deploy a PHP-based web shell. The access afforded by the web shell is subseque...
New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

Sep 02, 2022
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson  said  in a Thursday analysis. Raspberry Robin (aka QNAP Worm), first  discovered  by cybersecurity company Red Canary in September 2021, has remained something of a mystery for nearly a year, partly owing to the noticeable lack of post-exploitation activities in the wild. That changed in July 2022 when Microsoft  revealed  that it observed the  FakeUpdates  (aka SocGholish) malware being delivered via existing Raspberry Robin infections, with potential connections identified between DEV-0206 and DEV-0243 (aka Evil Corp). The malware is known to be del...
The Future of Network Security: Automated Internal and External Pentesting

The Future of Network Security: Automated Internal and External Pentesting

Dec 10, 2024Vulnerability / Perimeter Security
In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...
Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Apr 21, 2020
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. Authentication Bypass Command Injection Insecure Default Password Arbitrary File Download Ribeiro successfully tested the flaws against IBM Data Risk Manager version 2.0.1 to 2.0.3, which is not the la...
cyber security

Innovate Securely: Top Strategies to Harmonize AppSec and R&D Teams

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

Dec 05, 2019
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare , the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups— APT34 , also known as ITG13 and Oilrig, and Hive0081 , also known as xHunt. A team of researchers at IBM who discovered the ZeroCleare malware says that the new wiper malware shares some high-level similarities with the infamous Shamoon, one of the most destructive malware families known for damaging 30,000 computers at Saudi Arabia's largest oil producer in 2012. Just like the Shamoon wiper malware , ZeroCleare also uses a legitimate hard disk driver called 'RawDisk by ElDos' to overwrite the master boot record (MBR) and disk partitions of targeted computers running the Windows operating system. Though EldoS driver is not s...
IBM Buys "Red Hat" Open-Source Software Company for $34 Billion

IBM Buys "Red Hat" Open-Source Software Company for $34 Billion

Oct 29, 2018
It's been quite a year for the open source platforms. Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion , and now IBM has just announced the biggest open-source business deal ever. IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion. Red Hat, known for its Red Hat Enterprise Linux (RHEL) operating system, is a leading software company that offers open-source software products to the enterprise community. Even Oracle uses Red Hat's source code for its Oracle Linux product. Red Hat's last year revenue was $2.4 billion, and this year the company has earned $2.9 billion. But if Red Hat products are open source and updates are free, you might be wondering how does the company earn. Red Hat was one of the first companies who found a successful way to make money from free open-source software. It offers consul...
U.S. Builds World's Fastest Supercomputer – Summit

U.S. Builds World's Fastest Supercomputer – Summit

Jun 11, 2018
China no longer owns the fastest supercomputer in the world; It is the United States now. Though China still has more supercomputers on the Top 500 list, the USA takes the crown of "world's fastest supercomputer" from China after IBM and the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) unveiled " Summit ." Summit is claimed to be more than twice as powerful as the current world leader with a peak performance of a whopping 200,000 trillion calculations per second—that's as fast as each 7.6 billion people of this planet doing 26.3 million calculations per second on a calculator. Until now the world's most powerful supercomputer was China's Sunway TaihuLight with the processing power of 93 petaflops (93,000 trillion calculations per second). Since June 2012, the U.S. has not possessed the world's most powerful supercomputer, but if Summit performs as claimed by IBM, it will be made straight to the top of the Top5...
Want to Use Quantum Computer? IBM launches One for Free

Want to Use Quantum Computer? IBM launches One for Free

May 05, 2016
In Brief What would you do if you get access to a Quantum Computer? IBM Scientists launches the world's first cloud-based quantum computing technology, calling the IBM Quantum Experience, for anyone to use. It is an online simulator that lets anyone run algorithms and experiments on the company's five-qubit quantum computer. Quantum computers are expected to take the computing technology to the highest level, but it is an experimental and enormously complex technology that Google and NASA are working on and is just a dream for general users to play with. Hold on! IBM is trying to make your dream a reality. IBM just made its new quantum computing project online ( with tutorials ), making it available for free to anyone interested in playing with it. Quantum Computers — Now A Reality! The technology company said on Wednesday that it is giving the world access to one of its quantum computing processors, which is yet an experimental technology that has the potential...
IBM developing Self-Destructing Microchips for US Defense

IBM developing Self-Destructing Microchips for US Defense

Feb 07, 2014
Science Fiction Movies always show the possible direction of the development of technology and gives us the opportunity to think about it. The U.S. Government is also trying to develop such technology that was introduced in movies like Star Trek and TERMINATOR i.e. Self destructing Network of computers, Sensors and other devices. The agency of the United States Department of Defense which is responsible for funding the development of many technologies, Defense Advanced Research Projects Agency (DARPA) has handed over a contract to IBM for creating a microchip that will self-destruct remotely. The project announced a year back, known as Vanishing Programmable Resources ( VAPR ) , which is dedicated to developing a CMOS microchip that self-destructs when it receives a certain frequency of radio signal from military command, in order to fully destroy it and preventing it from being used by the enemy. The U.S. Military uses all kinds of embedded systems and there are obvio...
IBM Predicts 3D Holograms Revolutionizing Communication

IBM Predicts 3D Holograms Revolutionizing Communication

Dec 25, 2010
IBM has just released its annual five-year forecast, highlighting significant technological advancements. In the presentation video, the concept of "citizen scientists" is introduced. These individuals use sensors on computers, phones, and applications to gather mass data. Citizen scientists already employ these sensors to collect local data, such as monitoring when mosquitoes first appear in specific neighborhoods. This shared data could also aid in larger-scale events, like helping with earthquake aftermath by transmitting real-time site data to other networks. One of the major predictions is the rise of 3D holograms. The technology is already advancing with interactive systems like the Wii and Xbox Kinect, and the increasing popularity of 3D movies and televisions. IBM envisions using 3D holograms in innovative ways, such as conversing with someone in another location while walking down the street or collaborating with international colleagues through holographic interac...
Expert Insights / Articles Videos
Cybersecurity Resources