Security Affairs

JANUARY 29, 2020

Security researchers have spotted a vulnerability, tracked as CVE-2020-7247, that affects a core email-related library used by many BSD and Linux distributions. Security experts from Qualys have discovered a flaw, tracked as CVE-2020-7247, in OpenSMTPD. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Libraries 78

Libraries Security IT Information Security 78

Security Affairs

JUNE 12, 2019

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. Microsoft Security Response Center (MSRC) told the Google expert that the company will not able to provide a security patch before next month.

Libraries 73

Libraries Encryption Security IT 73

Security Affairs

APRIL 18, 2024

The attackers employed the lure of a free IP scanning tool to infect the systems with the Anunak backdoor and gain an initial foothold using living-off-the-land binaries, scripts, and libraries (lolbas).

Phishing 109

Phishing Manufacturing Libraries IT 109

Security Affairs

AUGUST 30, 2020

The npm security team removed a malicious JavaScript library from the npm repository that was designed to steal sensitive files from the victims. The fallguys library claimed to provide an interface to the “ Fall Guys: Ultimate Knockout ” game API. ” reads the npm’s advisory. . Pierluigi Paganini.

Libraries 135

Libraries Access Security IT 135

Security Affairs

OCTOBER 21, 2020

Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. Google Project Zero is recommending other app development teams who use the same FreeType library to update their software as well.

Libraries 119

Libraries Security Information Security IT 119

Security Affairs

OCTOBER 18, 2020

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. The CVE-2020-17022 is a remote code execution vulnerability that exists in the way that Microsoft Windows Codecs Library handles objects in memory. Pierluigi Paganini.

Libraries 118

Libraries Manufacturing Security IT 118

Security Affairs

OCTOBER 17, 2020

Experts warn that systems running applications that imported one of these packages should be potentially compromised because the three JavaScript libraries opened web shells on the computers running them. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Libraries 140

Libraries Security Access IT 140

Security Affairs

MARCH 27, 2020

A few days ago, Microsoft warned of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. The vulnerabilities affects the way Windows Adobe Type Manager Library handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. Pierluigi Paganini.

Libraries 112

Libraries Risk Security IT 112

Security Affairs

MARCH 23, 2020

Microsoft warns of hackers actively exploiting two zero-day remote code execution vulnerabilities in Windows Adobe Type Manager Library. Microsoft warns of hackers exploiting two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 95

Libraries Risk Authentication Security 95

Security Affairs

AUGUST 5, 2020

OVER 145 PAGESALWAYS FREE – LOADED WITH EXCELLENT CONTENT Learn from the experts, cybersecurity best practices Find out about upcoming information security related conferences, expos and trade shows. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Always free, no strings attached.

B2C 79

B2C IT Libraries Information Security 79

Security Affairs

MARCH 20, 2020

Drupal developers released security updates for versions 8.8.x x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates for versions 8.8.x x that address two XSS vulnerabilities that affect the CKEditor library. Pierluigi Paganini.

Libraries 107

Libraries Risk Access Security 107

Security Affairs

MAY 7, 2020

. “A possible memory overwrite vulnerability in Quram qmg library allows possible remote arbitrary code execution. The vulnerability resides in the Skia Android graphics library and affects the way Android OS running on Samsung devices handles the custom Qmage image format (.qmg). system libraries.” or libhwui.so

IT 109

IT Libraries Security Access 109

Security Affairs

SEPTEMBER 8, 2020

” CVE-2020-1129 – Microsoft Windows Codecs Library Remote Code Execution Vulnerability , which can be exploited to perform code execution if an affected system views a specially crafted image. Since this vulnerability resides in the codecs library, multiple applications could be affected. Pierluigi Paganini.

Libraries 86

Libraries Security Information Security IT 86

Security Affairs

APRIL 29, 2020

The discovery urges Apple into implementing additional security measures to protect these components, following the approach already adopted by Google to protect multimedia processing libraries. Multimedia processing libraries are used by the modern mobile OS to automatically manage multimedia files (i.e. Pierluigi Paganini.

Libraries 118

Libraries Paper Security Cybersecurity 118

Security Affairs

JANUARY 13, 2020

. “While the companies stress that they are committed to information security and cyber-defence, the technical job adverts that they have placed seek skills that would more likely be suitable for red teaming and conducting cyber-attacks,” they go on to say. ” continues the post. Pierluigi Paganini.

Libraries 87

Libraries Information Security Military Government 87

Security Affairs

SEPTEMBER 24, 2020

The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg. “Our blog post describes how image parsing code, as a third party library, ends up being the weakest point of Instagram’s large system. ” reads the analysis published by CheckPoint.

Access 118

Access Libraries Communications IT 118

Security Affairs

FEBRUARY 13, 2023

The attackers are sending out emails with fake job opportunities as bait in an attempt to trick victims into installing Enigma information-stealing malware. The attacker also exploits the CVE-2015-2291 flaw in an Intel driver to conduct BYOVD attacks and reduce the token integrity of Microsoft Defender. ” continues the report.

Archiving 86

Archiving File names Libraries Phishing 86

Security Affairs

APRIL 14, 2020

The two RCE flaws in Windows, tracked as CVE-2020-1020 and CVE-2020-0938 , are related to the Adobe Type Manager Library. In March, Microsoft warned of hackers exploiting the two zero-day remote code execution (RCE) vulnerabilities in the Windows Adobe Type Manager Library, both issues impact all supported versions of Windows.

Libraries 100

Libraries Authentication Security Risk 100

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” ” reads the post published by the experts. Pierluigi Paganini.

Libraries 95

Libraries Communications Financial Services Risk 95

Security Affairs

SEPTEMBER 6, 2019

The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries. One of the vulnerabilities, tracked as CVE-2019-13224, is a ‘use-after-free’ code execution issue that affects the Oniguruma regular expression library.

Libraries 81

Libraries Security IT Information Security 81

Security Affairs

MAY 9, 2020

The activity of the Lazarus APT group (aka HIDDEN COBRA ) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks. “Both Mac and Linux variants use the WolfSSL library for SSL communications. This library has been used by several threat actors.” ” continues the report.

Libraries 87

Libraries Communications Encryption Authentication 87

Security Affairs

MAY 12, 2020

IBM security researcher continues to monitor the evolution of the infamous Zeus Sphinx banking Trojan (aka Zloader or Terdot ) that receives frequent updates and that was involved in active coronavirus scams. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. 2 Trojan that was leaked online.

Libraries 97

Libraries Sales Government IT 97

Security Affairs

SEPTEMBER 2, 2019

. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib I thought it would be required to run the binaries in the tarball , but the binaries are compiled statically, so the libraries are extraneous.” ” wrote Cashdollar.

IoT 92

IoT Honeypots Libraries Archiving 92

Security Affairs

JUNE 13, 2019

” reads the security advisory. “Two vulnerabilities (CVE-2017-16544 and CVE-2015-0235) were verified by emulating the device with the MEDUSA scaleable firmware runtime. SEC Consult also discovered that WAGO industrial switches use outdated versions of the BusyBox UNIX toolkit and the GNU C Library (glibc).

Libraries 67

Libraries Passwords IoT Security 67

Security Affairs

SEPTEMBER 24, 2020

Secura researchers also released a Python script that uses the Impacket library to test vulnerability for the Zerologon exploit, it could be used by admins to determine if their domain controller is still vulnerable. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Authentication 129

Authentication Passwords Libraries Analytics 129

Security Affairs

DECEMBER 19, 2019

The most serious issue is related to the Archive_Tar third-party library, it has been assigned a severity rating of critical. “The Drupal project uses the third-party library Archive_Tar, which has released a security update that impacts some Drupal configurations. The issue affects Drupal 7x, 8.7.x x versions.

CMS 53

CMS Libraries Archiving Access 53

Security Affairs

DECEMBER 2, 2019

SafeBreach researchers found over the past months similar DLL hijacking flaws affecting security solutions from McAfee , Symantec , Avast and Avira. The service attempts to load multiple missing DLLs and an attacker with administrative privileges could load its own malicious library with SYSTEM privileges within the context of ksde.exe.

Libraries 68

Libraries Authentication Security IT 68

Security Affairs

OCTOBER 25, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. Recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to warn of a surge of Emotet attacks that have targeted multiple state and local governments in the U.S. since August. .

Ransomware 126

Ransomware Libraries Cybersecurity Government 126

Security Affairs

JULY 15, 2019

Launching the installer by typing npm i -g purescript from the command line, it is possible to install the package, an extensive collection of libraries that counts for 2,000 installs a week. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. on the purescript package” wrote Garrood.

Libraries 71

Libraries Access IT Security 71

Security Affairs

OCTOBER 11, 2019

The experts pointed out that the Touchpoint Analytics service would have high-permission-level access to the PC hardware, this means that a flaw affecting the could be exploited to escalate privileges to SYSTEM and bypass security features. ” reads the security advisory published by HP. Pierluigi Paganini.

Analytics 80

Analytics Libraries Security Access 80

Security Affairs

AUGUST 27, 2019

The module was hidden in a 3rd-party advertising library that the author of the app recently was introduced. “After analyzing the app, we saw an advertising library in it that contains a malicious dropper component. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

IT 101

IT Libraries Encryption Security 101

Security Affairs

SEPTEMBER 12, 2019

This operation is similar to the threat group’s August 2018 campaign , using compromised university resources to send library-themed phishing emails.” The hackers appear to be interested in getting access to the library, they sent phishing messages to people with access to the library of the targeted university.

Phishing 80

Phishing Libraries File names Metadata 80

Security Affairs

JUNE 7, 2019

Once discovered the flaw, the company decided to exploit it to protect the funds, anticipating the hackers and moving them to a secure location. “Today, Komodo were made aware of an issue with one of the libraries used by the Agama wallet, potentially putting some user funds at risk.” security team.

IT 75

IT Libraries Risk Security 75

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The alert published by CISA was based on data provided by the Multi-State Information Sharing & Analysis Center (MS-ISAC) and the CISA itself since July 2020. Pierluigi Paganini. SecurityAffairs – hacking, CISA).

Government 134

Government Libraries Cybersecurity Phishing 134

Security Affairs

JUNE 10, 2020

“VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. ” reads the security advisory published by the company. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Cloud 98

Cloud Libraries Authentication Access 98

Security Affairs

MAY 20, 2019

Searching for samples of Winnti malware on its VirusTotal platform, the experts discovered a Linux variant of Winnti, dating back to 2015. While reviewing a 2015 report of a Winnti intrusion at a Vietnamese gaming company, we identified a small cluster of Winnti? ” reads the analysis published by Chronicle. Windows version.

Healthcare 98

Healthcare Communications Libraries Access 98

Security Affairs

JANUARY 26, 2020

Malware attack took down 600 computers at Volusia County Public Library. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. US-based childrens clothing maker Hanna Andersson discloses a data breach. Yomi Hunter Catches the CurveBall. Jeff Bezos phone was hacked by Saudi crown prince. Pierluigi Paganini.

Security 80

Security Data breaches Military IoT 80