Budapest, Oct. 09, 2023 (GLOBE NEWSWIRE) -- Silent Signal, a leading technology provider of state-of-the-art ethical hacking services and solutions, today announced its iCompliant – IBM i Configuration Assessment Tool, designed to empower IBM i System users to gain elevated security beyond compliance. iCompliant offers security teams an exceptional level of visibility into potential security gaps within their IBM i System. This is achieved by delivering a prioritized list of actionable insights, seamlessly integrated and feeding data into the organization's security dashboard. iCompliant empowers security teams to comprehensively address vulnerability classes by overseeing typical vulnerabilities and being able to recognize patterns in system components.
IBM i System, formerly known as AS/400, is a highly integrated and scalable operating environment designed for business-critical applications. It is the preferred choice for organizations that require adherence to multiple industry standards and regulatory compliance, including the finance, manufacturing, healthcare, telecommunications, and logistics industries. Discovering potential detection gaps is more important than ever, as data breaches disclosed by the attacker cost nearly $1 million more on a global average compared to organizations that identified the breach themselves ($5.23 million vs. $4.3 million), according to the latest “Cost of a Data Breach Report” 2023¹.
“CIOs and CISOs have been challenged by securing their mission-critical data kept in their old-time proven solutions, operating in the heart of their infrastructure, such as the IBM i System. Without the necessary tools, it’s impossible to have visibility in their traditional systems. We are addressing their needs with iCompliant, by providing visibility and reducing complexity” - said Zoltán Pánczél, co-founder and Head of Silent Signal Security Lab at Silent Signal.
“We have designed iCompliant to provide an in-depth, IBM i security assessment solution covering all security aspects from system configuration to object authorization. The Silent Signal Security Lab team has already discovered multiple critical IBM i vulnerabilities that others have missed, and we have shifted our focus on researching, reporting the gaps, and helping defenders get a single pane of glass view to start eliminating vulnerabilities” - he added.
Watch live Silent Signal Security Lab’s signature pentest techniques
Join the live webinar to learn how the Silent Signal team discovers formerly unknown flaws in IBM i Systems, and more importantly, how they can help organizations to secure existing IBM i infrastructures beyond compliance. See iCompliant in action and get technical guidance on implementing a defense-in-depth strategy that reduces the risk of exploitation even if a vulnerability occurs. Joining the webinar, UK-based Chilli IT will demonstrate how their CopyAssure service protects your data and recovers a verified backup in just 20 minutes.
When: 26 October 2023 at 5 PM CET | 4 PM GMT | 11 AM EDT | 8 AM PDT
Register: here (free to attend)
The Silent Signal Security Lab is credited with discovering more than 10 critical vulnerabilities in IBM i Systems in 2023 so far, including but not limited to:
- 1 local privilege escalation vulnerability in IBM Backup, Recovery & Media Services (BRMS) for i CVE-2023-40377
- 1 local privilege escalation vulnerability in IBM Directory Server for i CVE-2023-40378
- 1 local privilege escalation vulnerability in the base operating system code related to the Integrated Application Server for IBM i CVE-2023-40375
- 7 privilege escalation vulnerabilities in two core components, IBM Facsimile Support for i CVE-2023-30988 and IBM Performance Tools for i CVE-2023-30989.
  Watch the detailed technical blog and video to learn how Silent Signal discovered and exploited the privilege escalation vulnerabilities and how malicious actors can do it within a minute.
- 1 remote code execution vulnerability CVE-2023-30990
  Read the technical blog to learn how IBM i was vulnerable to an attacker executing CL commands through the exploitation of DDM architecture.
- 2 more vulnerabilities have been identified, reported to the vendor, and are currently under investigation.
¹ The 2023 Cost of a Data Breach Report, conducted by Ponemon Institute, is sponsored and analyzed by IBM Security
About Silent Signal
Silent Signal is an independent information security company providing state-of-the-art ethical hacking services and solutions. It helps its customers recognize the threats endangering their business, identify vulnerabilities affecting their systems, and plan their defense strategy to protect their most valuable assets. Silent Signal is headquartered in Budapest, Hungary, and has clients in the financial, telco, government, and industry sectors from 30 countries. For more information, visit https://silentsignal.eu/