[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.
https://spinsafe.com/wp-content/uploads/2022/09/hackaday-logo-with-text-opengraph-default-image.jpg6751200SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-05-06 02:00:052023-05-06 02:00:05IBM Sees Influx In Zero-day Exploits
Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers, security researchers have warned.
The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high speeds. Rather than relying on TCP-based technologies such as FTP to move files, Aspera uses IBM’s proprietary FASP—short for Fast, Adaptive, and Secure Protocol—to better utilize available network bandwidth. The product also provides fine-grained management that makes it easy for users to send files to a list of recipients in distribution lists or shared inboxes or workgroups, giving transfers a workflow that’s similar to email.
In late January, IBM warned of a critical vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier and urged users to install an update to patch the flaw. Tracked as CVE-2022-47986, the vulnerability makes it possible for unauthenticated threat actors to remotely execute malicious code by sending specially crafted calls to an outdated programming interface. The ease of exploiting the vulnerability and the damage that could result earned CVE-2022-47986 a severity rating of 9.8 out of a possible 10.
On Tuesday, researchers from security firm Rapid7 said they recently responded to an incident in which a customer was breached using the vulnerability.
“Rapid7 is aware of at least one recent incident where a customer was compromised via CVE-2022-47986,” company researchers wrote. “In light of active exploitation and the fact that Aspera Faspex is typically installed on the network perimeter, we strongly recommend patching on an emergency basis, without waiting for a typical patch cycle to occur.”
According to other researchers, the vulnerability is being exploited to install ransomware. Sentinel One researchers, for instance, said recently that a ransomware group known as IceFire was exploiting CVE-2022-47986 to install a newly minted Linux version of its file-encrypting malware. Previously, the…
https://spinsafe.com/wp-content/uploads/2023/03/evil-packet-760x380.jpg380760SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-03-28 23:30:052023-03-28 23:30:05Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity
Before he was Space Rogue, before L0pht, before testifying in front of Congress about what used to be a very unknown risk of networked computers, and before he embarked on a career in cybersecurity, he was just young Cris Thomas with a homemade flashlight.
Growing up in a mobile home in rural Maine in the 1970s, Thomas didn’t have a whole lot of access to technology in his early years. But at the tender age of five, armed with a hammer and a worn-out sealed alkaline flashlight — the kind that you threw away after the batteries lost their juice — he was able to first learn the basics of electrical circuits. Cannibalizing parts from those flashlights and adding C and D cell batteries and wires consisting of garbage bag twist ties, he was in business with his very own lighting device.
That kind of tinkering is the very essence of a hacker’s modus operandi, and it was the start of his love affair with hacking and his eventual profession as a cybersecurity leader. Over the years, Thomas has done stints at the likes of Trustwave Security, Tenable, and almost six years now at IBM as Global Lead of Policy and Special Initiatives. But at its root his beginnings have all the same flavor of self-directed experimentation and trial-and-error with his flashlight. His route was circuitous and full of ups and downs, but he says that in some ways it was easier for him to go down that path than those trying to get their break in cybersecurity today without the traditional path straight from college.
“There’s still people who are trying to break into the industry with little to no formal education, and the debate of college or certifications is still raging. So, I think getting into the industry, from an austere beginning and maybe even skipping the formal education and being self-taught — it is possible,” he says. “It’s a lot more difficult today, because I think people put a lot of importance on the college degree and the formal education, and so it’s hard to get around that stigma.”
After early grade school he moved to a bigger town, was exposed to computers in bits and pieces, and mastered the basics of BASIC from chance encounters, clubs, and high school computer class. But it wasn’t until…
https://spinsafe.com/wp-content/uploads/2023/02/profile-Space_Rogue.jpg8001200SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-02-23 14:00:102023-02-23 14:00:10Space Rogue, From L0pht Hacker to IBM Security Influencer
The United Kingdom cyber security market is anticipated to witness a growth of steady CAGR in the forecast period, 2023-2027
Rapid digital transformation of all prominent industry verticals and the flourishing e-commerce industry are accelerating cybercrime and fraudulent activities.
The rise in spending on cyber security from private and public institutions and the increase in the number of cyber-attacks and malware activities are the key factors driving the growth of the United Kingdom cybersecurity market in the forecast period. With the need to protect confidential data from unauthorized access, organizations are actively adopting cybersecurity solutions.
Increased Complexity of Cyber-attacks Drives the Market Demand
Due to the adoption of online platforms by various end-user industries, a large amount of data is generated every day, which needs to protect from unauthorized access.
The rapid development of digitized services and the growing proliferation of online shopping among consumers are accelerating the rate of cybercrime activities, leading to increased spending on security by the public and private sectors. Hackers use innovative ideas to lure users, thereby increasing the complexity and intensity of cyber-attacks.
Increased sophistication and complexity of cybercrime activities drive the demand for advanced security solutions among enterprises. Companies have started to consider cybercrime as a major problem that could result in massive financial loss.
The rise in the market players offering innovative solutions to organizations and the growing threat of cyber-attacks are expected to fuel the growth of the United Kingdom cybersecurity market in the forecast period.
Supportive Government Policies Boost the Market Demand
Integrating advanced technologies such as machine learning,…
