DDOS, Malware, Network security, Patch management, Vulnerability management

Researcher pressured to limit big reveal of Big Blue flaw

Greg MastersOctober 17, 2016

An Italian researcher who discovered a bug in IBM WebSphere and then worked with the company on fixing the flaw, had his research censored by Big Blue, according to ZDNet.

In a letter to Maurizio Agazzini, the company requested that the researcher censor the full accounting of his proof-of-concept (PoC) exploit code – after updates were issued to fix the flaw.

The bug, CVE-2016-5983, triggered by the application server, could enable attackers to initiate denial-of-service issues as well as remote execution of code.

When he first posted his disclosure, Agazzini included links to an exploit package, but IBM asked him to delete details. Researchers depend on PoC code to further investigate bugs.

"While not the normal IBM practice, in this specific case, we asked for some of the exploit details to be redacted to protect vulnerable users and allow them time to patch," IBM said in a statement to The Register.

Greg Masters

A cryptographic vulnerability can lead to denial-of-service attacks and can “definitely be weaponized” in the current threat environment, according to an NSA official. (Cybermaid, CC0, via Wikimedia Commons)

Application security

OpenSSL vulnerability can ‘definitely be weaponized,’ NSA cyber director says

Derek B. JohnsonMarch 21, 2022

The flaw affects OpenSSL versions 1.02, 1.1.1, and 3.0, all of which have been patched. OpenSSL is a core component of Unix and Linux-based systems, and is also bundled into software applications that run on Windows.

Israelis wave their national flags during a march next to the Western Wall on May 13, 2018, in Jerusalem. (Photo by Lior Mizrahi/Getty Images)

DDOS

Largest-ever cyberattack on Israel takes down government sites

Stephen WeigandMarch 15, 2022

Israeli government sites are back online after being struck with a distributed denial of service cyberattack on March 15.

Remote working amid the pandemic is a contributing factor to increased investments. (Photo by Erin Clark/The Boston Globe via Getty Images)

Hardware security

Mapping the MikroTik attack surface (or why your home office may have DDoSed a Russian search engine)

Joe UchillDecember 9, 2021

Owners of the globally popular and cheap MikroTik brand of home routers inadvertently were involved in an attempt to take down Russian search engine giant Yandex in September, when the MikroTik-based Mēris botnet was used in a record-breaking DDoS attack.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Researcher pressured to limit big reveal of Big Blue flaw

Related

OpenSSL vulnerability can ‘definitely be weaponized,’ NSA cyber director says

Largest-ever cyberattack on Israel takes down government sites

Mapping the MikroTik attack surface (or why your home office may have DDoSed a Russian search engine)

Get daily email updates