Analysis, Information Security and Libraries - Information Management Today

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

JANUARY 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome and Perl library flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Libraries

Libraries IT Cybersecurity Risk

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Libraries

Libraries IT Security Information Security

Malicious file analysis – Example 01

Security Affairs

AUGUST 9, 2022

Cyber Security Specialist Zoziel Pinto Freire shows an example of malicious file analysis presented during his lecture on BSides-Vitória 2022. My objective with this series of articles is to show examples of malicious file analysis that I presented during my lecture on BSides-Vitória 2022. Static Analysis x Dynamic Analysis.

Libraries

Libraries Metadata Education Security

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

New Android malicious library Goldoson found in 60 apps +100M downloads

Security Affairs

APRIL 15, 2023

The Goldoson library was discovered by researchers from McAfee’s Mobile Research Team, it collects lists of applications installed on a device, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. It is important to highlight that the library was not developed by the authors of the apps.

Libraries

Libraries Data collection Education Security

Experts monitor ongoing attacks using exploits for Log4j library flaws

Security Affairs

DECEMBER 27, 2021

Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library. Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures.

Libraries

Libraries Honeypots Security IT

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Security Affairs

DECEMBER 10, 2021

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library. Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell ), in the Apache Log4j Java-based logging library.

Libraries

Libraries IT Cloud Data breaches

Text4Shell, a remote code execution bug in Apache Commons Text library

Security Affairs

OCTOBER 19, 2022

Researcher discovered a remote code execution vulnerability in the open-source Apache Commons Text library. GitHub’s threat analyst Alvaro Munoz discovered a remote code execution vulnerability, tracked as CVE-2022-42889, in the open-source Apache Commons Text library. ” reads the post published by Munoz.

Libraries

Libraries IT Security Information Security

Researchers disclosed a remote code execution flaw in Fastjson Library

Security Affairs

JUNE 16, 2022

Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of a now patched high-severity security vulnerability in the popular Fastjson library that could be potentially exploited to achieve remote code execution.

Libraries

Libraries Cybersecurity Security IT

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Security Affairs

AUGUST 26, 2021

Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. ” reads CISA’s advisory.

Security

Security Authentication Libraries Passwords

Backdoor mechanism found in Ruby strong_password library

Security Affairs

JULY 8, 2019

The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production environment. The developer Tute Costa found a backdoor in the Ruby library during regular security audits. The attacker created a new version of the library (version 0.0.7

Libraries

Libraries Passwords Security IT

DuneQuixote campaign targets the Middle East with a complex backdoor

Security Affairs

APRIL 21, 2024

The threat actors behind the DuneQuixote campaign took steps to prevent collection and analysis the implants through the implementation of practical and well-designed evasion methods. The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.”

Libraries

Libraries Communications IT Government

Google addressed a new actively exploited Chrome zero-day

Security Affairs

DECEMBER 20, 2023

The flaw was reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19 and fixed in just one day. Reported by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group on 2023-12-19” reads the advisory published by the IT giant. ” continues the advisory.

Libraries

Libraries Access IT Information Security

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Authentication

Authentication Libraries Access Security

A flaw in the R programming language could allow code execution

Security Affairs

MAY 1, 2024

Since then, it has gained popularity among statisticians and data miners for its powerful features and extensive libraries for data manipulation, visualization, and statistical analysis. ” reads the analysis published by HiddenLayer. ” continues the analysis.

Metadata

Metadata Libraries Access IT

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

NOVEMBER 29, 2023

Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. Skia is an open-source 2D graphics library that provides common APIs that work across a variety of hardware and software platforms. The CVE-2023-5217 is a high-severity integer overflow in Skia.

Libraries

Libraries Security Access IT

Backdoored pirated applications targets Apple macOS users

Security Affairs

JANUARY 21, 2024

Each pirated application included the following components: Malicious dylib , a library loaded by the application that acts as a dropper. ” reads the analysis published by Jamf. ” reads the analysis published by Jamf. ” continues the analysis. log” from a remote server.

Libraries

Libraries IT Information Security Security

Experts released PoC exploit for critical Progress Software OpenEdge bug

Security Affairs

MARCH 11, 2024

However, they focused on the analysis of the details included in the advisory. ” reads the analysis published by Horizon3.ai. “The connect() method interestingly loads a native system library, auth.dll, and eventually calls the authorizeUser() method defined in it. . ” reads the analysis published by Horizon3.ai.

Authentication

Authentication Passwords Libraries Access

Ransomware Toolkit Cryptonite turning into an accidental wiper

Security Affairs

DECEMBER 6, 2022

The encryption and decryption are not robust and the ransomware lack features like Windows Shadow Copy removal, File unlocking for a more thorough impact, Anti-analysis, and Defensive evasion (AMSI bypass, disabling event logging, etc.). ” reads the analysis published by Fortinet.

Ransomware

Ransomware Encryption Libraries IT

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

The payload includes a dynamic-link library (vpn.sessings) that injects the post-exploitation tool Cobalt Strike Beacon into memory and awaits commands from the C2 server. The DLL also implements features to evade detection and avoid analysis by security experts. Threat actors used a cracked version of Cobalt Strike.

Military

Military Mining Libraries Security

OrBit, a new sophisticated Linux malware still undetected

Security Affairs

JULY 7, 2022

” reads the analysis published by the experts. “Unlike other threats that hijack shared libraries by modifying the environment variable LD_PRELOAD, this malware uses 2 different ways to load the malicious library. The experts pointed out that the malware outstands for its almost hermetic hooking of libraries.

Libraries

Libraries Cybersecurity Authentication Access

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Security Affairs

MARCH 16, 2023

Exploitation of this vulnerability allowed malicious actors to successfully execute remote code on a federal civilian executive branch (FCEB) agency’s Microsoft Internet Information Services (IIS) web server.” The joint alert recommends network defenders review the Malware Analysis Report, MAR-10413062-1.v1

Libraries

Libraries Government Ransomware Cybersecurity

Google fixed the second actively exploited Chrome zero-day of 2023

Security Affairs

APRIL 19, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12 [$1000][ 1430644 ] Medium CVE-2023-2137: Heap buffer overflow in sqlite.

Libraries

Libraries Education Access Cybersecurity

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

DECEMBER 1, 2023

The two issues are: CVE-2023-6345 Google Skia Integer Overflow Vulnerability CVE-2023-49103 ownCloud graphapi Information Disclosure Vulnerability CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow in Skia. Benoît Sevens and Clément Lecigne of Google’s Threat Analysis Group discovered the zero-day on on 2023-11-24.

IT

IT Libraries Cybersecurity Passwords

OpenSSL fixed two high-severity vulnerabilities

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library.

Libraries

Libraries Encryption Authentication Communications

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

The expert discovered a post where a researcher were sharing a fake Proof of Concept (POC) exploit code for an RPC Runtime Library Remote Code Execution flaw ( CVE-2022-26809 CVSS 9.8). The analysis of the malware revealed that it is a.Net binary packed with ConfuserEX , a free, open-source protector for.NET applications.

Libraries

Libraries Information Security Cybersecurity Security

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

Security Affairs

SEPTEMBER 28, 2023

The vulnerability was discovered by Clément Lecigne from Google’s Threat Analysis Group on 2023-09-25, a circumstance that suggests it was exploited by a nation-state actor or by a surveillance firm. Reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-09-25″ reads the advisory published by Google.

Libraries

Libraries Passwords Security IT

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

The attacking server that is defined as the master uses this connection to download the shared library exp_lin.so MODULE LOAD command – this allows for the loading of a module from the dynamic library downloaded at stage 4 at runtime. This library allows for exploitation of the vulnerability and runs arbitrary commands later.

Libraries

Libraries Honeypots Communications Cybersecurity

Google addressed 3 actively exploited flaws in Android

Security Affairs

JULY 8, 2023

CVE-2023-26083 CVE-2021-29256 CVE-2023-2136 The CVE-2023-26083 is an Arm Mali GPU kernel driver information disclosure vulnerability that the US CISA added to its Known Exploited Vulnerabilities catalog in April 2023. The flaw was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-12.

Libraries

Libraries Security Access IT

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, the researchers observed a surge in zero-day vulnerabilities in third-party components and libraries that can impact all products that use them.

Government

Government Ransomware Libraries Access

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Security Affairs

NOVEMBER 17, 2020

Shellcode play an essential role in cyber attacks, the popular expert Unixfreaxjp explained how to utilize radare2 for variation of shellcode analysis. A good analysis tool can help you dissect a shellcode if the low-level language analysis operation is supported, as any shellcode is coded in assembly language.

Libraries

Libraries IT Security Information Security

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

ForAllSecure

JUNE 7, 2023

Hartford CyberSecurity Summit Get ready for the very first Hartford Cyber Security Summit, where C-Suite and Senior Executives responsible for protecting their companies' critical infrastructures will connect with innovative solution providers and renowned information security experts.

Libraries

Libraries Sales Cybersecurity Education

Two Linux botnets already exploit Log4Shell flaw in Log4j

Security Affairs

DECEMBER 12, 2021

Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library.

Honeypots

Honeypots Libraries Authentication Passwords

Google fixed the third Chrome zero-day of 2023

Security Affairs

JUNE 6, 2023

The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group (TAG), which is the team at Google that monitors the activity of nation-state actors. The vulnerability is a type confusion issue that resides in the V8 JavaScript engine.

Libraries

Libraries Security IT Information Security

Multiple malicious packages in PyPI repository found stealing AWS secrets

Security Affairs

JUNE 25, 2022

The malicious packages, which were reported to PyPI, are: loglib-modules — appears to target developers familiar with the legitimate ‘loglib’ library. pyg-modules — appears to target developers familiar with the legitimate ‘pyg’ library. ” continues the analysis. com:8000/upload. another.

Libraries

Libraries Metadata Security IT

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 22, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. CVE-2023-2136 – Google Chrome Skia Integer Overflow Vulnerability.

IT

IT Libraries Cybersecurity Education

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations. The open-source tool is deployed within a base64 encoded script hidden in the TeamTNT cryptominer binary or ircbot.

IT

IT Libraries Mining Security

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Security Affairs

NOVEMBER 25, 2022

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. ” continues the report. that dates back to 2009.

Libraries

Libraries Manufacturing Communications Security

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Security Affairs

JANUARY 28, 2024

The vulnerability was reported by the researcher Yaniv Nizry from Sonar who wrote a detailed analysis of the issue. The open-source software uses the args4j library to parse CLI command arguments and options on the Jenkins controller.

Libraries

Libraries Authentication IT Access

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js.

Mining

Mining Libraries Cybersecurity Security

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

IT Governance

NOVEMBER 6, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Library branches remain open, Wi-Fi is still available and materials can still be borrowed. As of the publication of this blog post, the Library’s website remains offline.

Data Privacy

Data Privacy Privacy Libraries Security

Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool

Security Affairs

JULY 2, 2022

The unauthenticated remote code execution vulnerability was discovered by security researcher Naveen Sunkavally at Horizon3.ai The issue was discovered while investigating an endpoint managed by the CewolfRenderer servlet in the third-party Cewolf charting library. ” continues the analysis.

Libraries

Libraries Authentication Security Access

New EvilQuest ransomware targets macOS users

Security Affairs

JULY 1, 2020

The malware was also analyzed by Malwarebytes Director of Mac & Mobile Thomas Reed , Principal Security Researcher at Jamf Patrick Wardle , and Phil Stokes , macOS security researcher at SentinelOne. ” reads the analysis wrote by Wardle. The ransomware also checks for some common anti-virus solutions (e.g.

Ransomware

Ransomware Libraries Encryption Communications

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Pierluigi Paganini.

Mining

Mining Honeypots Libraries IT

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Security Affairs

JUNE 26, 2023

” reads the analysis published by the company. ” The analysis of the Apache Tomcat access logs revealed the execution of multiple HTTP POST requests to /html/promotion/selfsdp.jspx, which is a web shell used by the threat actors. ” concludes the report.

Cleanup

Cleanup Libraries Access Manufacturing

CISA ADDS CHROME AND PERL LIBRARY FLAWS TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Watch out! CVE-2023-5129 in libwebp library affects millions applications

Webinars

Trending Sources

Malicious file analysis – Example 01

Webinars

New Android malicious library Goldoson found in 60 apps +100M downloads

Experts monitor ongoing attacks using exploits for Log4j library flaws

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Text4Shell, a remote code execution bug in Apache Commons Text library

Researchers disclosed a remote code execution flaw in Fastjson Library

CISA publishes malware analysis reports on samples targeting Pulse Secure devices

Backdoor mechanism found in Ruby strong_password library

DuneQuixote campaign targets the Middle East with a complex backdoor

Google addressed a new actively exploited Chrome zero-day

Binarly released the free online scanner to detect the CVE-2024-3094 Backdoor

A flaw in the R programming language could allow code execution

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Backdoored pirated applications targets Apple macOS users

Experts released PoC exploit for critical Progress Software OpenEdge bug

Ransomware Toolkit Cryptonite turning into an accidental wiper

Targeted operation against Ukraine exploited 7-year-old MS Office bug

OrBit, a new sophisticated Linux malware still undetected

Multiple threat actors exploited Progress Telerik bug to breach U.S. federal agency

Google fixed the second actively exploited Chrome zero-day of 2023

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog

OpenSSL fixed two high-severity vulnerabilities

Threat actors target the infoSec community with fake PoC exploits

GOOGLE FIXED THE FIFTH CHROME ZERO-DAY OF 2023

New Go-based Redigo malware targets Redis servers

Google addressed 3 actively exploited flaws in Android

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Unixfreaxjp at #R2CON2020 presented shellcode basics for radare2

Meet The Team Behind Mayhem: Come See Us At These Upcoming June 2023 Events

Two Linux botnets already exploit Log4Shell flaw in Log4j

Google fixed the third Chrome zero-day of 2023

Multiple malicious packages in PyPI repository found stealing AWS secrets

CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog

TeamTNT group adds new detection evasion tool to its Linux miner

Devices from Dell, HP, and Lenovo used outdated OpenSSL versions

Multiple PoC exploits released for Jenkins flaw CVE-2024-23897

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

The Week in Cyber Security and Data Privacy: 30 October – 5 November 2023

Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool

New EvilQuest ransomware targets macOS users

Log4Shell was in the wild at least nine days before public disclosure

China-linked APT group VANGUARD PANDA uses a new tradecraft in recent attacks

Stay Connected