Security Affairs

APRIL 22, 2019

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x

Libraries 110

Libraries Security IT 110

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7 version 0.0.7

Libraries 83

Libraries Passwords Security IT 83

Security Affairs

JANUARY 4, 2020

Maintainers of the OpenCV library addressed two buffer overflow flaws that could lead to arbitrary code execution. Maintainers of the OpenCV library addressed two high-severity buffer overflow vulnerabilities that could be exploited by an attacker to execute arbitrary code. SecurityAffairs – library, hacking).

Libraries 73

Libraries Data structuring Security IT 73

Security Affairs

APRIL 2, 2019

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

Libraries 91

Libraries Phishing Security IT 91

Security Affairs

JULY 9, 2019

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. The flaw could be exploited by hackers to compromise the security of affected services using the library. The popular library is currently used in more than 4 million projects on GitHub.

Libraries 68

Libraries Security IT Information Security 68

Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. The CVE-2020-7247 flaw was introduced in the OpenSMTPD in May 2018, but many distros still use older implementation of the library that are not impacted. Pierluigi Paganini.

Libraries 83

Libraries Security IT Information Security 83

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. link] — Tavis Ormandy (@taviso) June 11, 2019. Pierluigi Paganini.

Libraries 77

Libraries Encryption Security IT 77

Security Affairs

APRIL 18, 2024

The attackers employed the lure of a free IP scanning tool to infect the systems with the Anunak backdoor and gain an initial foothold using living-off-the-land binaries, scripts, and libraries (lolbas).

Phishing 115

Phishing Manufacturing Libraries IT 115

Archives Blogs

FEBRUARY 5, 2020

In 2019, we added 11 new collections to the digital library. All added up with all the other types of files we loaded, we added 13,760 new items in the digital library in 2019! Now, the more interesting question, what are people looking at in the digital library? We also added 1,414 new books (over 71,000 pages). Dirac for Ph.D.

Libraries 26

Libraries Paper Archiving 26

CILIP

AUGUST 12, 2020

Do libraries have a role at the cutting edge of tech ethics? Set up by tech entrepreneur Martha Lane Fox in 2015, Doteveryone has lobbied government for more regulation of big tech and lobbied big tech companies to act more responsibly towards their users. DO librarians have a role at the cutting edge of tech regulation?

Libraries 52

Libraries Government IT Risk 52

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. ” reads the npm’s advisory. . ” concludes the advisory.

Libraries 138

Libraries Access Security IT 138

Security Affairs

OCTOBER 21, 2020

The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included in standard Chrome releases. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well. The FreeType version 2.10.4 address this issue.

Libraries 122

Libraries Security Information Security IT 122

Archive-It

JUNE 22, 2021

Internet Archive’s Community Webs program is delighted to announce a partnership with the Digital Public Library of America (DPLA) to ingest metadata from the over 700 publicly available Community Webs web archive collections into DPLA. by the Archive-It team.

Libraries 26

Libraries Archiving Metadata IT 26

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. ” reads the advisory.

Libraries 124

Libraries Manufacturing Security IT 124

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. Pierluigi Paganini.

Libraries 116

Libraries Risk Security IT 116

CILIP

JUNE 14, 2023

Highly skilled and predominantly female - Workforce Mapping 2023 Survey results out now The libraries and information sector has a highly experienced and predominantly female workforce, with 40 per cent of staff having more than 20 years of work experience, according to data gathered for the Workforce Mapping 2023 survey.

Libraries 52

Libraries Records Management Archiving Government 52

The Last Watchdog

MARCH 21, 2019

This jQuery vulnerability has been known to the black hat community since about 2015. Your software library might not depend on this (jQuery) library, but you might use some other third-party library, and that library depends on the vulnerable library,” Becker explained. “So Baking-in security.

Digital transformation 170

Digital transformation Libraries Security Cloud 170

Security Affairs

OCTOBER 17, 2020

Experts warn that systems running applications that imported one of these packages should be potentially compromised because the three JavaScript libraries opened web shells on the computers running them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 142

Libraries Security Access IT 142

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 100

Libraries Risk Authentication Security 100

CILIP

MAY 28, 2021

CILIP is excited to be launching our new Changing Lives Seminar Series, a programme of virtual events celebrating innovation and thought leadership in the library, knowledge and information sector. Schneider , Dean of the Library at Sonoma State University and a member of the American Library Association?s s Rainbow Round Table.

Libraries 52

Libraries IT 52

Security Affairs

MAY 7, 2020

. “A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution. The vulnerability resides in the Skia Android graphics library and affects the way Android OS running on Samsung devices handles the custom Qmage image format (.qmg). system libraries.” or libhwui.so

IT 112

IT Libraries Security Access 112

Security Affairs

MARCH 20, 2020

x that fix two XSS vulnerabilities affecting the CKEditor library. x that address two XSS vulnerabilities that affect the CKEditor library. “The Drupal project uses the third-party library CKEditor , which has released a security improvement that is needed to protect some Drupal configurations.”

Libraries 110

Libraries Risk Access Security 110

CILIP

OCTOBER 18, 2021

s library and information association and the Archives & Records Association (ARA) have jointly convened a Workforce Data Consortium (please see below for a full list of partners) to fund a Workforce Mapping Survey of the library, archives, records, information and knowledge sector. Invitation to Tender ? Workforce Mapping.

Libraries 52

Libraries Archiving Records Management Education 52

Security Affairs

MARCH 3, 2019

Npcap is the Nmap Project’s packet sniffing (and sending) library for Windows. It is based on the WinPcap / Libpcap libraries, but with improved speed, portability, security. “ Npcap is the exciting and feature-packed update to the venerable WinPcap packet capture library. Qt, GLib, GnuTLS, and Python).

Libraries 97

Libraries Security IT 97

Security Affairs

OCTOBER 17, 2018

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. This means that if a remote attacker sends the “SSH2_MSG_USERAUTH_SUCCESS” response to libssh, the library considers that the authentication has been successfully completed.

Libraries 98

Libraries Authentication Passwords Security 98

Security Affairs

SEPTEMBER 8, 2020

” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected. Pierluigi Paganini.

Libraries 89

Libraries Security Information Security IT 89

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. images, audio, and videos).

Libraries 122

Libraries Paper Security Cybersecurity 122

Security Affairs

JANUARY 12, 2019

include new database and automation APIs, evasion modules and libraries, language support, improved performance. includes new evasion modules and libraries, users can test their applications by generating their own evasion modules using the C programming language, a choice that makes the development easier. Metasploit 5.0

Libraries 111

Libraries Security IT 111

Security Affairs

FEBRUARY 13, 2023

The attacker also exploits the CVE-2015-2291 flaw in an Intel driver to conduct BYOVD attacks and reduce the token integrity of Microsoft Defender. The second-stage malware, UpdatTask.dll , is a dynamic-link library (DLL) written in C++ that includes two export functions, DllEntryPoint and Entry. ” continues the report.

Archiving 89

Archiving File names Libraries Phishing 89

Security Affairs

SEPTEMBER 24, 2020

The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. “Our blog post describes how image parsing code, as a third party library, ends up being the weakest point of Instagram’s large system. ” reads the analysis published by CheckPoint.

Access 123

Access Libraries Communications IT 123

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” ” reads the post published by the experts. Pierluigi Paganini.

Libraries 98

Libraries Communications Financial Services Risk 98

Security Affairs

FEBRUARY 21, 2019

The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive. The issue affects a third-party library, called UNACEV2.DLL The flaw resides in the way an old third-party library, called UNACEV2.DLL, dll library in 2005.

Libraries 101

Libraries Archiving Security IT 101

Security Affairs

APRIL 6, 2020

” The Kinsing miner is a Golang -based Linux agent that uses several Go libraries, including: go-resty – an HTTP and REST client library, used to communicate with a Command and Control (C&C) server. gopsutil – a process utility library, used for system and processes monitoring. ” concludes the experts.

Mining 105

Mining Libraries Cloud Communications 105

Security Affairs

APRIL 14, 2020

The two RCE flaws in Windows, tracked as CVE-2020-1020 and CVE-2020-0938 , are related to the Adobe Type Manager Library. In March, Microsoft warned of hackers exploiting the two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 103

Libraries Authentication Security Risk 103

Security Affairs

APRIL 23, 2020

Microsoft confirmed that the issues in the Autodesk FBX library opened some of its products to remote code execution attacks when processing specially crafted 3D content. “Remote code execution vulnerabilities exist in Microsoft products that utilize the FBX library when processing specially crafted 3D content. .

Libraries 92

Libraries Cybersecurity Security IT 92

Security Affairs

SEPTEMBER 6, 2019

The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries. One of the vulnerabilities, tracked as CVE-2019-13224, is a ‘use-after-free’ code execution issue that affects the Oniguruma regular expression library.

Libraries 82

Libraries Security IT Information Security 82

CILIP

JANUARY 15, 2020

About the Library. The 2nd Air Division USAAF Memorial Library is a unique organisation in the UK ? it is both a war memorial and a public library. One of our challenges is very simply explaining what we are to our British audience because the concept of a memorial library is so quintessentially American.

Libraries 52

Libraries Archiving Communications Marketing 52