
All news with #ibm tag

10 articles

Seven IBM WebSphere Liberty Flaws Can Lead to Takeover

🔒 Researchers warn that seven vulnerabilities in IBM WebSphere Liberty can be chained from a pre-authentication SAML Web SSO flaw into full server compromise. The initial defect, tracked as CVE-2026-1561, allows unauthenticated attackers to supply crafted serialized payloads because a String.concat() misuse makes the integrity check ineffective, enabling pre-auth RCE against exposed SAML endpoints. Subsequent AdminCenter weaknesses let low-privileged 'reader' users retrieve keys and sensitive configuration, forge tokens, and abuse an archive-extraction flaw to write arbitrary files; IBM has issued patches and configuration guidance to mitigate the chain.

Hive0163 Deploys AI-Assisted Slopoly in Ransomware Ops

🛡️ IBM X-Force researchers have linked a PowerShell backdoor called Slopoly to financially motivated group Hive0163 and report indicators that portions of the script were likely produced with a large language model. The builder-delivered payload establishes persistence via a scheduled task named Runtime Broker and was used to maintain access for more than a week in a 2026 ransomware incident. Slopoly beacons system details every 30 seconds, polls for commands every 50 seconds, executes via cmd.exe and returns results to a C2 server. Although the script lacks true self-modifying polymorphism, its comments, logging and naming conventions demonstrate how AI can accelerate malware development.

App Exploits Surge as AI Accelerates Vulnerability Use

⚠️ IBM X-Force warns of a 44% increase in attacks exploiting public-facing applications in 2025, driven by missing authentication controls and AI-enabled vulnerability scanning. Vulnerability exploitation accounted for 40% of incidents, while ransomware and extortion groups grew 49% year over year. The report highlights that AI is speeding up reconnaissance and exploitation and that supply chain compromises have nearly quadrupled since 2020.

Criminal IP Integrates with IBM QRadar SIEM and SOAR

🔍 Criminal IP has integrated with IBM QRadar SIEM and SOAR, embedding external IP-based threat intelligence directly into detection, investigation, and response workflows. Firewall traffic forwarded to QRadar is analyzed via the Criminal IP API and observed IPs are automatically scored as High, Medium, or Low to help prioritize actions. Analysts can right-click IPs in Log Activity to view detailed Criminal IP reports, while pre-built SOAR playbooks automate IP and URL enrichment to accelerate response without leaving the QRadar environment.

Top Customer Identity and Access Management (CIAM) Tools

🔐 CIAM platforms manage authentication, authorization, consent, and customer identity for public-facing applications. Analysts highlight six leading solutions — IBM Security Verify, LoginRadius, Microsoft Entra, Okta/Auth0, OneLogin, and Ping Identity — each balancing usability, extensibility, and security differently. Offerings range from turnkey, no-code deployments to developer-led, API-first systems and vary in native fraud analytics, FIDO2 support, consent-management capabilities, and integrations with BI/CRM ecosystems. Organizations should weigh marketing data needs, privacy compliance, and fraud protection when choosing a CIAM.

Unified AI-Powered Security for Northern Europe Growth

🔒 IBM and Palo Alto Networks are partnering to deliver a unified, AI-powered cybersecurity foundation across Northern Europe, helping enterprises reduce tool sprawl, improve visibility and accelerate compliance. Their integrated stack—Cortex XSIAM, Cortex Cloud, Prisma Access and IBM consulting—secures cloud, AI pipelines and hybrid work while automating SOC workflows. The program targets measurable ROI, faster detection and simplified policy management aligned to NIS2, DORA and the EU AI Act.

Critical IBM API Connect Flaw Allows Authentication Bypass

🔒 IBM is urging customers to quickly apply interim fixes for a critical authentication-bypass vulnerability in IBM API Connect (CVE-2025-13915) that affects versions 10.0.8.0–10.0.8.5 and 10.0.11.0. The flaw can allow unauthorized access to exposed applications without user interaction and stems from a broken architectural assumption that traffic passing the gateway guarantees identity enforcement (CWE-305). IBM has published platform-specific interim fixes and advises disabling self-service sign-up on Developer Portals if patches cannot be applied; administrators must also remove image overrides when upgrading to avoid persistent shadow state.

IBM Alerts: Critical API Connect Authentication Bypass

🔒 IBM has disclosed a critical authentication bypass in IBM API Connect, tracked as CVE-2025-13915 with a CVSS score of 9.8. The flaw could allow remote attackers to gain unauthorized access to the application. Affected releases include 10.0.8.0–10.0.8.5 and 10.0.11.0. IBM advises downloading the interim fix from Fix Central and, if immediate patching is not possible, disabling Developer Portal self-service sign-up as a temporary mitigation.

IBM warns of critical API Connect auth bypass — patch now

🔒 IBM urged customers to patch a critical authentication bypass in its API Connect platform that could allow attackers to access applications remotely. Tracked as CVE-2025-13915 and rated 9.8/10, the flaw affects versions 10.0.11.0 and 10.0.8.0–10.0.8.5. Exploitation is low-complexity and requires no user interaction. IBM recommends upgrading to the latest release and offers interim mitigations, including disabling self-service sign-up on the Developer Portal.

IBM Spectrum Symphony HostFactory Connectors for GCP

🚀 Google Cloud announces the general availability of open-source IBM Spectrum Symphony HostFactory connectors for Google Compute Engine and GKE. The connectors enable organizations to extend on-premises Symphony clusters into Google Cloud or deploy fully cloud-native clusters with automatic provisioning and decommissioning to match workload demand. Partner-built by Accenture and validated by Aneo, the connectors support enterprise features such as Spot and on-demand VMs, GPUs, Local SSD, Confidential VMs, Pub/Sub event-driven management, Kubernetes CRDs, and integration with managed instance group (MIG) APIs for large-scale HPC operations.