#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

IBM | Breaking Cybersecurity News | The Hacker News

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials

Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
Oct 10, 2023 Network Security / Password
A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month,  said  adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials." CVE-2023-3519  (CVSS score: 9.8), addressed by Citrix in July 2023, is a critical code injection vulnerability that could lead to unauthenticated remote code execution. Over the past few months, it has been  heavily   exploited  to  infiltrate vulnerable devices  and gain persistent access for follow-on attacks. In the latest attack chain discovered by IBM X-Force, the operators sent a specially crafted web request to trigger the exploitation of CVE-2023-3519 and deploy a PHP-based web shell. The access afforded by the web shell is subsequently leveraged to append cust

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers
Sep 02, 2022
Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' connections to the Russia-based Evil Corp group. The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson  said  in a Thursday analysis. Raspberry Robin (aka QNAP Worm), first  discovered  by cybersecurity company Red Canary in September 2021, has remained something of a mystery for nearly a year, partly owing to the noticeable lack of post-exploitation activities in the wild. That changed in July 2022 when Microsoft  revealed  that it observed the  FakeUpdates  (aka SocGholish) malware being delivered via existing Raspberry Robin infections, with potential connections identified between DEV-0206 and DEV-0243 (aka Evil Corp). The malware is known to be delivered from a compromised

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software

Researcher Discloses 4 Zero-Day Bugs in IBM's Enterprise Security Software
Apr 21, 2020
A cybersecurity researcher today publicly disclosed technical details and PoC for 4 unpatched zero-day vulnerabilities affecting an enterprise security software offered by IBM after the company refused to acknowledge the responsibly submitted disclosure. The affected premium product in question is IBM Data Risk Manager (IDRM) that has been designed to analyze sensitive business information assets of an organization and determine associated risks. According to Pedro Ribeiro from Agile Information Security firm, IBM Data Risk Manager contains three critical severity vulnerabilities and a high impact bug, all listed below, which can be exploited by an unauthenticated attacker reachable over the network, and when chained together could also lead to remote code execution as root. Authentication Bypass Command Injection Insecure Default Password Arbitrary File Download Ribeiro successfully tested the flaws against IBM Data Risk Manager version 2.0.1 to 2.0.3, which is not the la

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector
Dec 05, 2019
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare , the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups— APT34 , also known as ITG13 and Oilrig, and Hive0081 , also known as xHunt. A team of researchers at IBM who discovered the ZeroCleare malware says that the new wiper malware shares some high-level similarities with the infamous Shamoon, one of the most destructive malware families known for damaging 30,000 computers at Saudi Arabia's largest oil producer in 2012. Just like the Shamoon wiper malware , ZeroCleare also uses a legitimate hard disk driver called 'RawDisk by ElDos' to overwrite the master boot record (MBR) and disk partitions of targeted computers running the Windows operating system. Though EldoS driver is not s

IBM Buys "Red Hat" Open-Source Software Company for $34 Billion

IBM Buys "Red Hat" Open-Source Software Company for $34 Billion
Oct 29, 2018
It's been quite a year for the open source platforms. Earlier this year, Microsoft acquired popular code repository hosting service GitHub for $7.5 billion , and now IBM has just announced the biggest open-source business deal ever. IBM today confirmed that it would be acquiring open source Linux firm Red Hat for $190 per share in cash, working out to a total value of approximately $34 billion. Red Hat, known for its Red Hat Enterprise Linux (RHEL) operating system, is a leading software company that offers open-source software products to the enterprise community. Even Oracle uses Red Hat's source code for its Oracle Linux product. Red Hat's last year revenue was $2.4 billion, and this year the company has earned $2.9 billion. But if Red Hat products are open source and updates are free, you might be wondering how does the company earn. Red Hat was one of the first companies who found a successful way to make money from free open-source software. It offers consul

U.S. Builds World's Fastest Supercomputer – Summit

U.S. Builds World's Fastest Supercomputer – Summit
Jun 11, 2018
China no longer owns the fastest supercomputer in the world; It is the United States now. Though China still has more supercomputers on the Top 500 list, the USA takes the crown of "world's fastest supercomputer" from China after IBM and the U.S. Department of Energy's Oak Ridge National Laboratory (ORNL) unveiled " Summit ." Summit is claimed to be more than twice as powerful as the current world leader with a peak performance of a whopping 200,000 trillion calculations per second—that's as fast as each 7.6 billion people of this planet doing 26.3 million calculations per second on a calculator. Until now the world's most powerful supercomputer was China's Sunway TaihuLight with the processing power of 93 petaflops (93,000 trillion calculations per second). Since June 2012, the U.S. has not possessed the world's most powerful supercomputer, but if Summit performs as claimed by IBM, it will be made straight to the top of the Top5

Want to Use Quantum Computer? IBM launches One for Free

Want to Use Quantum Computer? IBM launches One for Free
May 05, 2016
In Brief What would you do if you get access to a Quantum Computer? IBM Scientists launches the world's first cloud-based quantum computing technology, calling the IBM Quantum Experience, for anyone to use. It is an online simulator that lets anyone run algorithms and experiments on the company's five-qubit quantum computer. Quantum computers are expected to take the computing technology to the highest level, but it is an experimental and enormously complex technology that Google and NASA are working on and is just a dream for general users to play with. Hold on! IBM is trying to make your dream a reality. IBM just made its new quantum computing project online ( with tutorials ), making it available for free to anyone interested in playing with it. Quantum Computers — Now A Reality! The technology company said on Wednesday that it is giving the world access to one of its quantum computing processors, which is yet an experimental technology that has the potential

IBM developing Self-Destructing Microchips for US Defense

IBM developing Self-Destructing Microchips for US Defense
Feb 07, 2014
Science Fiction Movies always show the possible direction of the development of technology and gives us the opportunity to think about it. The U.S. Government is also trying to develop such technology that was introduced in movies like Star Trek and TERMINATOR i.e. Self destructing Network of computers, Sensors and other devices. The agency of the United States Department of Defense which is responsible for funding the development of many technologies, Defense Advanced Research Projects Agency (DARPA) has handed over a contract to IBM for creating a microchip that will self-destruct remotely. The project announced a year back, known as Vanishing Programmable Resources ( VAPR ) , which is dedicated to developing a CMOS microchip that self-destructs when it receives a certain frequency of radio signal from military command, in order to fully destroy it and preventing it from being used by the enemy. The U.S. Military uses all kinds of embedded systems and there are obvio
Cybersecurity Resources