Silent Signal Archives

ACS Password Leaks Are A Security Issue On IBM i

February 17, 2025 Alex Woodie

IBM i shops that are relying on the old WINLOGON process with their Access Client Solutions (ACS) installations will need to find a new way to synchronize passwords between Windows clients and IBM i servers. According to a new report from Silent Signal, the passwords could still be compromised.

In early January, Big Blue published an IBM Support document about problems that IBM i shops were having after they applied the Windows 11 24H2 update, which Microsoft had started rolling out in October 2024. IBM i customers who used the ACS Windows Application Package told IBM they were no longer …
Read more
Ethical Hackers Discuss Penetration Work On IBM i

September 16, 2024 Alex Woodie

The IBM i server is heralded as a secure platform, but in reality, it is susceptible to a range of attacks, including common ones and others that are unique to the platform. To help push the security ball forward and encourage secure IBM i configurations, researchers from Silent Signal recently discussed their latest work during a European ethical hacking conference.

In just a few years working on IBM i, Bálint Varga-Perke and Zoltan Panczel, the co-founders of the Hungarian company Silent Signal, have identified a handful security vulnerabilities on the platform, including a moderate security flaw in DDN in …
Read more
Midsummer Security Indicators: Hot and Gloomy

August 2, 2023 Alex Woodie

The hot summer heat is smothering Americans like a tight polyester jacket these days. Also having big impacts on Americans are hackers, security vulnerabilities, spam, and malicious emails, which seem to be peaking with the seasonal fry.

Security software company Securin scanned 8 million addressable IPs among US state government systems, and discovered 119,000 instances of high-risk services that could be easily exploited, according to a report released yesterday, dubbed “The State of Cybersecurity in America.”

All told, Securin found 3,700 exposed databases (Db2 among them), 3,400 exposed Secure Shell (SSH) endpoints, 2,780 exposed File Transfer Protocol (FTP) systems, and …
Read more
Serious New IBM i Vulns Exposed by Silent Signal – More On the Way

July 24, 2023 Alex Woodie

Two new vulnerabilities in core components of the IBM i operating system were disclosed by IBM last week, including one that impacts Performance Tools and another in Facsimile Support for i. Both vulnerabilities were discovered by Silent Signal, the Hungarian firm that discovered the recent DDM vulnerability, and both are considered high risk flaws that should be patched immediately.

More security flaws exist in IBM i that will be exposed in the months to come, the company says.

The first new flaw, CVE-2023-30988, pertains to a local privilege escalation vulnerability discovered in Facsimile Support for i, a native IBM …
Read more
New “High Priority” DDM Vulnerability Affects IBM i

July 10, 2023 Alex Woodie

Unauthenticated users can remotely run CL or PASE commands on IBM i as a result of a newly discovered vulnerability in the operating system’s Distributed Data Management (DDM) architecture. IBM issued a patch for the flaw, which it classified as moderate. However, the Hungary-based ethical hacking group that discovered the flaw, Silent Signal, recommends treating it as a high priority.

IBM disclosed the DDM security flaw and availability of program temporary fixes (PTFs) for IBM i version 7.2 through 7.5 via a security bulletin on June 30. The flaw was assigned CVE-2023-30990 by the Common Vulnerability Scoring System, and given …
Read more
White Hats Completely Dismantle Menu-Based Security

February 6, 2023 Alex Woodie

Think menu-based security can prevent cybercriminals from accessing the most important parts of your IBM i system? Think again, as the white hat hacking group Silent Signal recently demonstrated in a real-world penetration test of a bank’s IBM i system through a seemingly restricted green-screen interface.

Life was demonstrably simpler for midrange administrators before the Internet took off. Before we had all these different protocols providing access to applications and data – ODBC, FTP, SQL, Remote Command, etc. – an administrator could feel somewhat confident that users weren’t accessing things they shouldn’t by simply configuring their menus in a restrictive …
Read more
Pen Tester Silent Signal Targets IBM i

September 28, 2022 Alex Woodie

If you’re in the market for penetration testing services, you might be interested in hearing about a relatively new player in the market named Silent Signal. The Budapest, Hungary-based outfit has been offering IBM i penetration testing for the past year, and it’s already found security vulnerabilities in its clients’ systems.

Silent Signal has been providing penetration testing, IT security assessments, and training since it was founded by a trio of security experts in 2009. With around a dozen security certifications to their credits, the security experts are well versed in the standard methods companies use to block hackers and …
Read more

Content archive

Recent Posts

Subscribe

Pages

Search

ACS Password Leaks Are A Security Issue On IBM i

Ethical Hackers Discuss Penetration Work On IBM i

Midsummer Security Indicators: Hot and Gloomy

Serious New IBM i Vulns Exposed by Silent Signal – More On the Way

New “High Priority” DDM Vulnerability Affects IBM i

White Hats Completely Dismantle Menu-Based Security

Pen Tester Silent Signal Targets IBM i

Content archive

Recent Posts

Subscribe

Pages

Search